CloudFormation error in creating the Role with managed policy and inline policy

When I run this stack, I am receiving the below error. Trying for the first time with the help of AWS documents, but still could not figure out the error.

By this CFT, I am trying to create a role with a managed policy and attach an inline policy to it.

Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument

But could not figure out where the syntax is missing. Can someone help me here?

    "EMRDefaultRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "RoleName": "EMR_DefaultRole",
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [ {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "elasticmapreduce.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole"
                } ]
            },
            "ManagedPolicyArns": [
                "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole"
            ]
        }
    },
    "EMRS3Policies": {
        "Type": "AWS::IAM::Policy",
        "Properties": {
            "PolicyName": "Moodys-IAM-EMR-S3-Access-Policy",
            "PolicyDocument": {
                    "Statement": [{
                        "Effect": "Allow",
                        "Action": [
                            "s3:HeadBucket",
                            "s3:ListObjects"
                        ],
                        "Resource": {["Fn::Join",[
                                "-",
                                [
                                    "mit",
                                    {
                                        "Ref": "AWS::AccountId"
                                    }
                                    "emr-files/*"
                                ]]
                                ]}
                    }]
            },
        "Roles": [{"Ref": "EMRDefaultRole"}]

There is a problem in the Resource key: you are incorrectly using Fn::Join. It should be:

    {
      "Resource": {
        "Fn::Join": [
          "",
          [
            "arn:aws:s3:::mit-",
            { "Ref": "AWS::AccountId" },
            "-emr-files/*"
          ]
        ]
      }
    }
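
A pre-deployment check for this class of error, added here as an example and not part of the original question or answer: it parses a PolicyDocument as JSON, evaluates the `Ref` / `Fn::Join` subset used above, and reports any `Resource` that does not resolve to an ARN or `"*"`. The account ID, the `s3:GetObject` action and all function and constant names are constructed for illustration; other intrinsic functions are not handled.

```python
import json
import re

# Constructed account ID; CloudFormation supplies the real one at deploy time.
PSEUDO_PARAMS = {"AWS::AccountId": "123456789012"}
# IAM accepts "*" or arn:partition:service:region:account:resource as a Resource.
ARN_RE = re.compile(r"\*|arn:[^:]+:[^:]+:[^:]*:[^:]*:.+")
STMT = '{"Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": %s}]}'
# Constructed inputs: the question's shape, the same join as valid JSON, the answer's form.
QUESTION = STMT % '{["Fn::Join", ["-", ["mit", {"Ref": "AWS::AccountId"} "emr-files/*"]]]}'
NOT_ARN = STMT % '{"Fn::Join": ["-", ["mit", {"Ref": "AWS::AccountId"}, "emr-files/*"]]}'
ANSWER = STMT % '{"Fn::Join": ["", ["arn:aws:s3:::mit-", {"Ref": "AWS::AccountId"}, "-emr-files/*"]]}'


def as_list(value):
    return value if isinstance(value, list) else [value]


def resolve(node):
    """Evaluate a string, Ref or Fn::Join node to a plain string, or raise ValueError."""
    if isinstance(node, str):
        return node
    if isinstance(node, dict) and len(node) == 1:
        (name, arg), = node.items()
        if name == "Ref" and isinstance(arg, str) and arg in PSEUDO_PARAMS:
            return PSEUDO_PARAMS[arg]
        if name == "Fn::Join":
            if (isinstance(arg, list) and len(arg) == 2
                    and isinstance(arg[0], str) and isinstance(arg[1], list)):
                return arg[0].join(resolve(v) for v in arg[1])
            raise ValueError("Fn::Join must be [delimiter, [values]]")
    raise ValueError(f"cannot resolve {node!r}")


def check_resources(policy_text):
    """Return a list of findings for the Resource entries of a PolicyDocument."""
    try:
        doc = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["policy document must be a JSON object"]
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement", []))):
        for res in as_list(stmt.get("Resource", [])):
            try:
                value = resolve(res)
                if not ARN_RE.fullmatch(value):
                    raise ValueError(f'{value!r} is not an ARN or "*"')
            except ValueError as exc:
                findings.append(f"Statement[{i}]: {exc}")
    return findings
```

`check_resources(QUESTION)` stops at the JSON parse error, `check_resources(NOT_ARN)` shows that repairing the brackets alone still leaves a bare bucket path, and `check_resources(ANSWER)` returns no findings.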
