[英]How to reference AWS managed policy arn in cloudformation?
I am going to create an IAM user with cloudformation and need to attach an AWS managed policy AWSAppSyncInvokeFullAccess
.我将使用 cloudformation 创建一个 IAM 用户,并且需要附加一个 AWS 托管策略
AWSAppSyncInvokeFullAccess
。 I think I should use the managed policy like below code:我想我应该使用如下代码的托管策略:
Resources:
publisherUser:
Type: AWS::IAM::User
Properties:
UserName: userName
ManagedPolicyArns:
- !Ref AWSAppSyncInvokeFullAccess
- !Ref AWSLambdaBasicExecutionRole
but it doesn't work since AWSAppSyncInvokeFullAccess
is from AWS not from this template.但它不起作用,因为
AWSAppSyncInvokeFullAccess
来自 AWS 而不是来自此模板。 What is the correct way to reference the policies?参考政策的正确方法是什么?
These are existing AWS-managed policies.这些是现有的 AWS 托管策略。 So you should use their full ARN , which you can get from IAM console:
所以你应该使用他们的完整 ARN ,你可以从 IAM 控制台获得它:
Resources:
publisherUser:
Type: AWS::IAM::User
Properties:
UserName: userName
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Or to make it partition independent:或者使其分区独立:
Resources:
publisherUser:
Type: AWS::IAM::User
Properties:
UserName: userName
ManagedPolicyArns:
- !Sub "arn:${AWS::Partition}:iam::aws:policy/AWSAppSyncInvokeFullAccess"
- !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
以防万一有人想知道您可以通过单击策略页面上的策略名称找到所有 IAM 策略的 ARN。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.