如何解决云形成策略生成不正确
云的形成不会生成模板中所述的策略。
我想以我的角色创建/重新创建此完全相同的政策。
{
"Version": "2012-10-17","Statement": [
{
"Sid": "VisualEditor0","Effect": "Allow","Action": [
"cloudWatch:ListDashboards"
],"Resource": "*"
},{
"Sid": "VisualEditor1","Action": "cloudwatch:GetDashboard","Resource": "arn:aws:cloudwatch::xxxx:dashboard/test"
}
]
}
这是我的云形成模板(请参阅政策):
CustomResourceRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName:
!Sub
- Cloudwatch${PolicyCustomName}DashboardAccessPolicy
- { PolicyCustomName: !Ref Tenant }
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: [
"cloudWatch:ListDashboards"
]
Resource: '*'
Action: 'cloudwatch:GetDashboard'
Resource: 'arn:aws:cloudwatch::xxxx:dashboard/Test'
RootInstanceProfile:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Path: /
Roles:
- !Ref CustomResourceRole
但是,这不会生成所需的策略。我得到以下输出缺少我想要的策略的第一部分,为什么?
{
"Version": "2012-10-17","Statement": [
{
"Action": "cloudwatch:GetDashboard","Resource": "arn:aws:cloudwatch::xxxx:dashboard/Test","Effect": "Allow"
}
]
}
解决方法
您为同一个Action
提供了两个Statement
,而Cloud Formation引擎使用了后者,覆盖了cloudWatch:ListDashboards
。
由于Statement
是一个列表,因此您可以编写以下两个语句:
CustomResourceRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName:
!Sub
- Cloudwatch${PolicyCustomName}DashboardAccessPolicy
- { PolicyCustomName: !Ref Tenant }
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: "cloudWatch:ListDashboards"
Resource: '*'
- Effect: Allow
Action: 'cloudwatch:GetDashboard'
Resource: 'arn:aws:cloudwatch::xxxx:dashboard/Test'
RootInstanceProfile:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Path: /
Roles:
- !Ref CustomResourceRole
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。