我正在尝试通过实例的 userdata 属性将文件从 S3 存储桶下载到实例。但是,我收到错误:
调用 HeadObject 操作时发生客户端错误 (301):永久移动。
我使用 IAM 角色、托管策略和实例配置文件来为实例提供对 s3 存储桶的访问权限:
Run Code Online (Sandbox Code Playgroud)"Role": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com", "s3.amazonaws.com" ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/", "ManagedPolicyArns": [ { "Ref": "ManagedPolicy" } ] }, "Metadata": { "AWS::CloudFormation::Designer": { "id": "069d4411-2718-400f-98dd-529bb95fd531" } } }, "RolePolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "S3Download", "PolicyDocument": { "Statement": [ { "Action": [ "s3:*" ], "Effect": "Allow", …
amazon-s3 amazon-ec2 http-error aws-cloudformation amazon-iam
如何取消引用字符串中间的参数?
我有一个 JSON Cloudformation 模板文件,它采用 S3 存储桶名称(“BucketName”)的参数,以在授予该存储桶权限的 IAM 策略中使用——策略如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:ListObject"
],
"Resource": [
"arn:aws:s3:::${Ref:BucketName}/*"
],
"Effect": "Allow"
}
]
}
"arn:aws:s3:::${Ref:BucketName}/" 不起作用;
"arn:aws:s3:::", {"Ref": "BucketName"}, "/" 也不起作用,因为它将其读取为字符串列表而不是单个字符串。
我知道我可以将整个 arn 作为参数,而不仅仅是存储桶名称,但是我如何能够在字符串中引用 BucketName?
谢谢!
formatting json amazon-s3 amazon-web-services aws-cloudformation