在 AWS 中为 OIDC 提供商的角色添加策略时出错
[英]error adding policy for a role for OIDC provider in AWS
问题描述
I have created a OIDC provider for Firebase from AWS console.
我从 AWS 控制台为 Firebase 创建了一个 OIDC 提供程序。 Next, to create a Role for this OIDC provider, as described in AWS docs here , (don't know who writes/maintains such never helpful docs) I am trying to create a trust policy like below:接下来,要为该 OIDC 提供商创建角色,如此处的AWS 文档中所述,(不知道谁编写/维护了这样无用的文档),我正在尝试创建如下所示的信任策略:
{
"Version": "2012-10-17",
"Statement": [{
"Sid": "RoleForLoginFirebaseOIDC",
"Effect": "Allow",
"Principal": {"Federated": "arn:aws:iam::100110001110:oidc-provider/securetoken.google.com/firebaseProjectId"},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {"securetoken.google.com:aud": "firebaseProjectId"},
"ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "unauthenticated"}
}
}]
}
However, getting below 2 errors:但是,低于 2 个错误:
Ln 3, Col 18 Missing Resource: Add a Resource or NotResource element to the policy statement.
Ln 3, Col 18 Missing Resource:将 Resource 或 NotResource 元素添加到策略声明。Ln 6, Col 21 Unsupported Principal: The policy type IDENTITY_POLICY does not support the Principal element.
Ln 6, Col 21 Unsupported Principal:策略类型 IDENTITY_POLICY 不支持 Principal 元素。 Remove the Principal element.删除 Principal 元素。
1 个解决方案
解决方案1
0 2021-04-04 07:04:12
looks like its a issue when adding from AWS console, adding the rule and its policy using AWS CLI works with no issues - follow https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp.html to add rule/policy using CLI从 AWS 控制台添加时看起来像是一个问题,使用 AWS CLI 添加规则及其策略没有问题 - 遵循https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp.html使用 CLI 添加规则/策略
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.