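I am trying to create an AWS KMS key policy and have been struggling to get CloudFormation to accept it. Everything I have been able to find and read says this policy should be valid, and the syntax is correct as it runs, but it returns MalformedPolicyDocumentExceptionnull (Service: AWSKMS; Status Code: 400;
Has anyone else run into this issue? If so, any thoughts or suggestions on how to resolve the errors? I have been stuck on this one and banging my head against it, I can't see what I am missing, and my Google-fu is failing me.
Code snippet: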
    SnowflakeProdKMS:
      Type: AWS::KMS::Key
      Properties:
        Description: KMS key used by Snowflake to encrypt/decrypt data stored in s3
        Enabled: True
        EnableKeyRotation: False
        KeyPolicy:
          Version: 2012-10-17
          Id: key-default-1
          Statement:
            - Sid: Enable IAM User Permissions
              Effect: Allow
              Principal:
                AWS:
                  - !Sub arn:aws:iam::${AWS::AccountId}:root
              Action:
                - kms:*
              Resource: '*'
            - Sid: Enable AWSAdminRole to have full permissions to KMS key
              Effect: Allow
              Principal:
                AWS:
                  - !Sub arn:aws:iam::${AWS::AccountId}:/role/AWSAdminRole
              Action: kms:*
              Resource: '*'
            - Sid: Allow use …
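
A pre-deployment check for a key policy like the one in the question, added here as an example and not part of the original post: it flags AWS principals that do not follow the IAM ARN layout `arn:aws:iam::<account-id>:root|user/...|role/...`, since KMS rejects a key policy containing an invalid principal as malformed. The function names, the regex and the constructed account ID 111122223333 (standing in for `${AWS::AccountId}`) are assumptions for illustration.

```python
import re

# IAM principal ARN: arn:<partition>:iam::<12-digit account>:<resource>,
# where <resource> is "root" or "<user|role>/<optional path and name>".
IAM_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:"
    r"(root|(user|role)/[\w+=,.@/-]+)$"
)
ACCOUNT_ID = re.compile(r"^\d{12}$")


def as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_bad_principals(policy):
    """Return (Sid, principal) pairs whose AWS principal is not well-formed."""
    bad = []
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # e.g. Principal: "*"
            continue
        for value in as_list(principal.get("AWS", [])):
            if value == "*" or ACCOUNT_ID.match(value) or IAM_ARN.match(value):
                continue
            bad.append((stmt.get("Sid"), value))
    return bad


# Constructed sample: the first two statements of the question's policy after
# !Sub has been resolved with a placeholder account ID.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Id": "key-default-1",
    "Statement": [
        {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:root"]},
         "Action": ["kms:*"], "Resource": "*"},
        {"Sid": "Enable AWSAdminRole to have full permissions to KMS key",
         "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:/role/AWSAdminRole"]},
         "Action": "kms:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for sid, principal in find_bad_principals(SAMPLE_POLICY):
        print(f"malformed principal in statement {sid!r}: {principal}")
```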