我正在尝试将AWS的SNS与SSM一起使用,但却收到有关角色的错误.
这是错误:
botocore.errorfactory.InvalidRole: An error occurred (InvalidRole) when calling the SendCommand operation: ServiceRoleArn is not valid: arn:aws:iam::<account #>:role/FullSNS
这是相关的代码:
response = client.send_command(
InstanceIds=[
'<instance id>',
],
DocumentName='AWS-RunShellScript',
Parameters={
'commands': [
'<command>',
],
'workingDirectory': [
'<directory>'
]
},
OutputS3BucketName='<s3 bucket>',
ServiceRoleArn='arn:aws:iam::<account #>:role/FullSNS',
NotificationConfig={
'NotificationArn': 'arn:aws:sns:us-east-1:<account #>:MyTestTopic',
'NotificationEvents': [
'All',
],
'NotificationType': 'Command'
}
)
以下是该角色的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sns:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
以上是与boto3,但如果我在控制台中尝试它我会得到相同的错误.