AWS IAM Cloudformation YAML 模板错误:不允许使用“空”值
[英]AWS IAM Cloudformation YAML template errror: 'null' values are not allowed
问题描述
I am working on a Cloudformation template for an IAM role that grants cross account read only access.
我正在为 IAM 角色开发 Cloudformation 模板,该角色授予跨账户只读访问权限。 It uses a managed policy for Readonly access as well.它也使用托管策略进行只读访问。 So far, I've resolved several errors, but now I'm getting a "'null' values are not allowed in templates" error when I try to validate the template.到目前为止,我已经解决了几个错误,但现在我在尝试验证模板时收到“模板中不允许使用‘空’值”错误。 I think it's a space or syntax thing, but I cannot be sure as it's my first time creating a cloudformation template from scratch and using YAML.我认为这是一个空间或语法问题,但我不能确定,因为这是我第一次从头开始创建 cloudformation 模板并使用 YAML。
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructure-IntegrationsRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Effect: Allow
Principal:
AWS: 11111111
Action: sts:AssumeRole
Condition:
StringEquals:
sts:ExternalId: '11111'
Path: '/'
ManagedPolicyArns: arn:aws:iam::aws:policy/ReadOnlyAccess
RoleName: NewRelicInfrastructure-Integrations2
3 个解决方案
解决方案1
8 2018-03-15 21:56:22
The problem is with AssumeRolePolicyDocument: .问题在于AssumeRolePolicyDocument: 。 It's required but you left it empty.它是必需的,但您将其留空。 You also have an indentation issue where Path , ManagedPolicyArns and RoleName are under Resources instead of Properties .您还有一个缩进问题,其中Path 、 ManagedPolicyArns和RoleName位于Resources而不是Properties下。
Try:尝试:
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructure-IntegrationsRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Effect: Allow
Principal:
AWS: 11111111
Action: sts:AssumeRole
Condition:
StringEquals:
sts:ExternalId: '11111'
Path: '/'
ManagedPolicyArns: arn:aws:iam::aws:policy/ReadOnlyAccess
RoleName: NewRelicInfrastructure-Integrations2
解决方案2
4 已采纳 2018-03-23 02:30:20
Indentation fixed, it was specifying something in AssumeRolePolicyDocument, but the YAML syntac wasn't correct, this worked:缩进已修复,它在 AssumeRolePolicyDocument 中指定了一些内容,但 YAML 语法不正确,这有效:
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructureIntegrationsRole:
Type: AWS::IAM::Role
Properties:
Path: '/managed/'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/ReadOnlyAccess'
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
-
Action: sts:AssumeRole
Effect: Allow
Principal:
AWS: 1111111111111
Condition:
StringEquals:
sts:ExternalId: '11111'
RoleName: NewRelicInfrastructureIntegrationsRole
解决方案3
3 2020-03-24 17:59:19
Use YAML interpreter online to show you where you might be getting a null value in your yaml file.在线使用 YAML 解释器向您展示您可能在 yaml 文件中获得空值的位置。 They're hard to spot as a wrong indentation can result in a null value - the yaml interpreter will show you in json where you're getting that value.它们很难被发现,因为错误的缩进会导致空值 - yaml 解释器将在 json 中显示您获取该值的位置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.