堆栈内存溢出
  简体   繁体   English

无法仅使用 cloudformation 创建 IAM 策略

[英]Cannot create only IAM policy with cloudformation

 原文  2017-09-19 22:51:29       amazon-web-services/ amazon-cloudformation/ amazon-iam

问题描述

I am having issue with creating IAM policy in cloudformation.But when I run it I get the error that Groups,Roles,Users is required:我在 cloudformation 中创建 IAM 策略时遇到问题。但是当我运行它时,我收到了需要 Groups、Roles、Users 的错误:

Here is my code:这是我的代码:

{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation Template IAM Groups and Policies",
"Resources": {
    "PolicyAutoScalingLimitedOperation": {
        "Type": "AWS::IAM::Policy",
        "Properties": {
            "PolicyName": "AutoScaling-Limited-Operation",
            "PolicyDocument": {
                "Statement": [{
                        "Effect": "Allow",
                        "Action": [
                            "dynamodb:*"
                        ],
                        "Resource": "*"
                    },
                    {
                        "Effect": "Allow",
                        "Action": [
                            "cloudwatch:PutMetricData"
                        ],
                        "Resource": "*"
                    },
                    {
                        "Effect": "Allow",
                        "Action": [
                            "xray:PutTraceSegments",
                            "xray:PutTelemetryRecords"
                        ],
                        "Resource": "*"
                    },
                    {
                        "Effect": "Allow",
                        "Action": [
                            "s3:Get*",
                            "s3:List*",
                            "s3:PutObject"
                        ],
                        "Resource": "*"
                    },
                    {
                        "Effect": "Allow",
                        "Action": [
                            "logs:PutLogEvents",
                            "logs:CreateLogStream"
                        ],
                        "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
                    },
                    {
                        "Effect": "Allow",
                        "Action": [
                            "kms:ListAliases",
                            "kms:ListKeys",
                            "kms:Encrypt",
                            "kms:Decrypt"
                        ],
                        "Resource": "*"
                    }
                ]
            }
        }
    }
}

} }

Now when I run it I get:现在,当我运行它时,我得到:

At least one of [Groups,Roles,Users] must be non-empty.

Does that mean I cannot create policy with cloudformation without adding user/role to it?这是否意味着如果不向 cloudformation 添加用户/角色就无法使用 cloudformation 创建策略?

2 个解决方案

解决方案1
 42 已采纳  2017-09-19 23:35:44

You probably want to create an AWS::IAM::ManagedPolicy if you just want a standalone policy.如果您只需要一个独立的策略,您可能想要创建一个AWS::IAM::ManagedPolicy

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html

解决方案2
 7  2018-11-30 23:39:44

From the documentation :文档

AWS::IAM::ManagedPolicy creates an AWS Identity and Access Management (IAM) managed policy for your AWS account, which you can use to apply permissions to IAM users, groups, and roles. AWS::IAM::ManagedPolicy 为您的 AWS 账户创建 AWS Identity and Access Management (IAM) 托管策略,您可以使用该策略将权限应用于 IAM 用户、组和角色。

Here's an example:下面是一个例子:

Resources:
  CreateTestDBPolicy: 
    Type: AWS::IAM::ManagedPolicy
    Properties: 
      Description: "Policy for creating a test database"
      Path: "/"
      PolicyDocument: 
      Version: "2012-10-17"
      Statement: 
        - 
          Effect: "Allow"
          Action: "rds:CreateDBInstance"
          Resource: "*"

This will resolve your issue.这将解决您的问题。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用cloudformation创建AWS IAM策略 - create AWS IAM Policy using cloudformation Cloudformation IAM政策 - Cloudformation IAM Policy 创建仅CloudFormation AWS策略 - Create a CloudFormation only AWS policy 设置Lambda以创建不带IAM策略的AWS CloudFormation - Setting up Lambda to Create AWS CloudFormation without IAM Policy 如何为 Cloudformation 创建基于堆栈状态的 IAM 策略? - How to create an IAM policy for Cloudformation, which is based on a stack state? AWS Cloudformation IAM策略与资源 - AWS Cloudformation IAM Policy with Resource 是否可以创建仅创建有限IAM权限的IAM策略? - Is it possible to create an IAM Policy that allows the the creation of only limited IAM Permissions? 使用 CloudFormation 创建 IAM 账户 - Create IAM account with CloudFormation 适用于Cloudformation的最低特权AWS IAM策略 - Least privilege AWS IAM policy for cloudformation CloudFormation YAML - 带有具有条件的语句的 IAM 策略 - CloudFormation YAML - IAM policy with a statement that has a condition
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM