[英]AWS::RDS::DBInstance is not being created from cloudformation
This is my cloudformation json code to create DBInstance.这是我创建 DBInstance 的 cloudformation json 代码。 I have successfully created VPC and EC2 instances and added this code to create DBInstance.我已成功创建 VPC 和 EC2 实例并添加此代码以创建 DBInstance。 But I am having following error while updating my stack with new json file including this DBInstance code.但是我在使用包含此 DBInstance 代码的新 json 文件更新我的堆栈时遇到以下错误。
Unable to create the resource.无法创建资源。 Verify that you have permission to create service linked role.验证您是否有权创建服务相关角色。 Otherwise wait and try again later (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 1b64b02f-255a-4f5d-b68a-b0bacf6f2dba)否则请稍后再试(服务:AmazonRDS;状态代码:400;错误代码:InvalidParameterValue;请求 ID:1b64b02f-255a-4f5d-b68a-b0bacf6f2dba)
"myDBInstance" : {
"Type" : "AWS::RDS::DBInstance",
"Properties" : {
"DBName" : { "Ref" : "DBName"},
"AllocatedStorage" : "20",
"DBInstanceClass" : { "Ref" : "DBInstanceClass"},
"Engine" : "MySQL",
"EngineVersion" : "5.7.17",
"MasterUsername" : { "Ref" : "DBUser"},
"MasterUserPassword" : { "Ref" : "DBPassword"},
"DBParameterGroupName" : { "Ref" : "myRDSParameterGroup"}
}
},
"myRDSParameterGroup" : {
"Type" : "AWS::RDS::DBParameterGroup",
"Properties" : {
"Family" : "MySQL5.6",
"Description" : "Cloudformation database parameter group",
"Parameters" : {
"autocommit" : "1",
"general_log" : "1",
"old_passwords" : "0"
}
}
}
AWS answers this specifically for RDS in their docs: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAM.ServiceLinkedRoles.html AWS 在他们的文档中专门针对 RDS 回答了这个问题: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAM.ServiceLinkedRoles.html
{
"Action": "iam:CreateServiceLinkedRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
"Condition": {
"StringLike": {
"iam:AWSServiceName":"rds.amazonaws.com"
}
}
}
I was facing the same issue earlier, actually, the response says itself whats the problem. 实际上,我早些时候也遇到过同样的问题,响应本身说明了问题所在。
"Unable to create the resource. Verify that you have permission to create service linked role. " “无法创建资源。请确认您具有创建服务链接角色的权限。”
Means the IAM user your using to create this resource doesn't have permission to create service linked role, So you need to add this permission to your IAM user policy as follows. 意味着您用来创建此资源的IAM用户没有创建服务链接角色的权限,因此您需要按以下方式将此权限添加到IAM用户策略中。
Solution: 解:
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "*"
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.