使用cloudformation创建AWS IAM策略
[英]create AWS IAM Policy using cloudformation
问题描述
I have an IAM role(MyIAMrole) which has already been created. 
我已经创建了一个IAM角色(MyIAMrole)。 I want to attach a policy to this role using a Cloudformation template. 我想使用Cloudformation模板将策略附加到该角色。
"Mypolicy":{
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "assume-role-policy",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [
{ "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*" }
]
},
"Roles": [ { "Ref": "arn:aws:iam::*:role/MyIAMrole" } ]
}
}
When I try to validate this I am getting an error saying "Unreolved reference options". 当我尝试对此进行验证时,出现一条错误消息:“未解析的参考选项”。
How to attach this policy to an already existing role? 如何将此政策附加到已经存在的角色上?
1 个解决方案
解决方案1
2 已采纳 2017-11-01 04:46:17
I managed to get your code snippet to work by referring to the Name of a role rather than the ARN. 我设法通过引用角色名称而不是ARN来使您的代码段正常工作。
As per the AWS::IAM::Policy documentation : 根据AWS::IAM::Policy文档 :
Roles: The names of AWS::IAM::Roles to which this policy will be attached.
However, while the stack went to CREATE_COMPLETE, I couldn't see the policy listed in the Policies section of IAM, nor could I see the policy attached to the referenced role. 但是,当堆栈转到CREATE_COMPLETE时,我看不到IAM的“策略”部分中列出的策略,也看不到附加到所引用角色的策略。
It might be that you cannot use CloudFormation to attach a policy to an existing role. 可能是您无法使用CloudFormation将策略附加到现有角色。 You might need to create the Role as part of the CloudFormation template to be able to attach a role. 您可能需要将角色创建为CloudFormation模板的一部分,以便能够附加角色。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.