如何在 cloudformation 中引用 AWS 托管策略 arn?
[英]How to reference AWS managed policy arn in cloudformation?
问题描述
I am going to create an IAM user with cloudformation and need to attach an AWS managed policy AWSAppSyncInvokeFullAccess .
我将使用 cloudformation 创建一个 IAM 用户,并且需要附加一个 AWS 托管策略AWSAppSyncInvokeFullAccess 。 I think I should use the managed policy like below code:我想我应该使用如下代码的托管策略:
Resources:
publisherUser:
Type: AWS::IAM::User
Properties:
UserName: userName
ManagedPolicyArns:
- !Ref AWSAppSyncInvokeFullAccess
- !Ref AWSLambdaBasicExecutionRole
but it doesn't work since AWSAppSyncInvokeFullAccess is from AWS not from this template.但它不起作用,因为AWSAppSyncInvokeFullAccess来自 AWS 而不是来自此模板。 What is the correct way to reference the policies?参考政策的正确方法是什么?
2 个解决方案
解决方案1
2 2020-10-27 23:44:22
These are existing AWS-managed policies.这些是现有的 AWS 托管策略。 So you should use their full ARN , which you can get from IAM console:所以你应该使用他们的完整 ARN ,你可以从 IAM 控制台获得它:
Resources:
publisherUser:
Type: AWS::IAM::User
Properties:
UserName: userName
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Update更新
Or to make it partition independent:或者使其分区独立:
Resources:
publisherUser:
Type: AWS::IAM::User
Properties:
UserName: userName
ManagedPolicyArns:
- !Sub "arn:${AWS::Partition}:iam::aws:policy/AWSAppSyncInvokeFullAccess"
- !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
解决方案2
1 2021-07-01 22:07:58
以防万一有人想知道您可以通过单击策略页面上的策略名称找到所有 IAM 策略的 ARN。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.