所以我尝试运行此 cloudformation 脚本,但收到此错误:
Your access has been denied by S3, please make sure your request credentials have permission to GetObject for s3.XXXX.amazonaws.com/s3-bucket/folder-1/folder-2/code.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied
我什至尝试过公开我的 code.zip!这不是我理想中想做的事......
这是我的代码:
"lambdafunction": {
"Type": "AWS::Lambda::Function",
"DependsOn": [
"other1",
"other2",
"other3"
],
"Properties": {
"Code": {
"S3Bucket": "s3.XXXX.amazonaws.com",
"S3Key": "s3-bucket/folder-1/folder-2/code.zip"
},
"Role": {
"Fn::GetAtt": [
"accessrole",
"Arn"
]
},
"Timeout": 60,
"Handler": "lambda_function.lambda_handler",
"Runtime": "python2.7",
"MemorySize": 1024
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "XXXX"
}
}
},
提前致谢!
提前致谢!
多年来我一直坚持这个问题,找不到解决方案......
基本上我想在我的弹性搜索服务上实现相同的访问策略,但是当我尝试在cloudformation中重新创建它时,我收到一个循环依赖性错误..我知道导致错误的Fn :: GetAtt是什么引用了弹性搜索DomainArn.
所以我的问题是如何在不引用我的elk域arn的情况下实现此语句?
模板包含错误:资源之间的循环依赖:[XXXXXX]
"XXXXXX": {
"Type": "AWS::Elasticsearch::Domain",
"Properties": {
"AccessPolicies": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": ["myuser", "Arn"]
}
},
"Action": "es:*",
"Resource": {
"Fn::GetAtt": ["XXXXXX", "DomainArn"]
}
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": {
"Fn::GetAtt": ["XXXXXX", "DomainArn"]
},
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"xx.xx.xx.xx",
"xx.xx.xx.xx"
]
}
}
}
]
},
"DomainName": "XXXXXX",
"EBSOptions": {
"EBSEnabled": "True",
"VolumeSize": 10, …提前致谢!
不知道为什么会发生这种情况,这非常烦人,因为它需要一个小时才能失败。
为什么我的 Cloudformation Elasticsearch 服务设置不稳定的任何想法?
它返回此错误: 创建 Elasticsearch 域不稳定
"elk": {
"Type": "AWS::Elasticsearch::Domain",
"Properties": {
"AccessPolicies": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": [
"esuseraccess",
"Arn"
]
}
},
"Action": "es:*",
"Resource": {
"Fn::Sub": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/elk"
}
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": {
"Fn::Sub": "arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/elk"
},
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"XX.XX.XX.XX",
"XX.XX.XX.XX"
]
}
}
}
]
},
"DomainName": "elk",
"EBSOptions": {
"EBSEnabled": …