How to ImportValue in trust relationship

I have exported a value from another stack and am trying to import it in "AssumeRolePolicyDocument" in a CloudFormation role. I tried many ways but am getting the error below:

"Syntax error at position (1,195) (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: b1b4b5ef-88ef-444b-8aa7-0548ce0002a6; Proxy: null)"

  EksAutoscalerRole: 
    Type: AWS::IAM::Role
    Properties:
      RoleName: Eks-Autoscaler-Role
      Path: "/"
      AssumeRolePolicyDocument: 
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Principal:
            Federated: 
              'Fn::Sub':
              - 'arn:aws:iam::1122334455:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/${oidc}'
              - oidc: 
                  "Fn::ImportValue": EksOidc
          Action: 'sts:AssumeRoleWithWebIdentity'
          Condition:
            StringEquals:   
              'Fn::Sub': 
              - 'oidc.eks.us-east-1.amazonaws.com/id/${oidc}:sub: system:serviceaccount:kube-system:cluster-autoscaler'
              - oidc: 
                  "Fn::ImportValue": EksOidc
      ManagedPolicyArns:
      - !Ref EksAutoscalerPolicy

I tried the ways below too: Insert a CloudFormation ImportValue similar to how you can insert a Parameter?

UPDATED: I tried the code below and it works now.

  EksAutoscalerRole: 
    Type: AWS::IAM::Role
    Properties:
      RoleName: Eks-Autoscaler-Role
      Path: /
      AssumeRolePolicyDocument: 
        "Fn::Sub":
        - '{
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Federated": "${EksAutoscalerProvider}"
                    },
                    "Action": "sts:AssumeRoleWithWebIdentity",
                    "Condition": {
                        "StringEquals": {
                            "oidc.eks.${AWS::Region}.amazonaws.com/id/${oidcNo}:sub": "system:serviceaccount:kube-system:cluster-autoscaler"
                        }
                    }
                }
            ]
          }'
        - oidcNo: !Select [0, !Split [".", !Select [1, !Split ["//", !GetAtt EksCluster.Endpoint]]]]
      ManagedPolicyArns:
      - !Ref EksAutoscalerPolicy

Check your indentation. The Sub function should be indented like this according to the documentation:

Fn::Sub:
  - String
  - Var1Name: Var1Value
    Var2Name: Var2Value
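
Added example (not part of the original question or answer): in the first template the Fn::Sub placed directly under StringEquals resolves to one string, while IAM's policy grammar requires each condition operator to hold a map of condition key to value. The sketch below resolves both shapes locally and checks that structure. The `resolve` and `condition_problems` helpers and the export value `EXAMPLEOIDCID` are assumptions made for illustration, and `whole_document_sub` mirrors the updated template's whole-document substitution using the first template's `${oidc}` variable.

```python
import json

EXPORTS = {"EksOidc": "EXAMPLEOIDCID"}  # constructed stand-in for the real export value
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/${oidc}"
ARN = "arn:aws:iam::1122334455:oidc-provider/" + ISSUER
SUBJECT = "system:serviceaccount:kube-system:cluster-autoscaler"

def sub(text):
    """Fn::Sub in list form, with oidc bound to the EksOidc import as on the page."""
    return {"Fn::Sub": [text, {"oidc": {"Fn::ImportValue": "EksOidc"}}]}

def resolve(node):
    """Minimal local stand-in for CloudFormation resolving these two intrinsics."""
    if isinstance(node, list):
        return [resolve(n) for n in node]
    if not isinstance(node, dict):
        return node
    if set(node) == {"Fn::ImportValue"}:
        return EXPORTS[node["Fn::ImportValue"]]
    if set(node) == {"Fn::Sub"}:
        text, variables = node["Fn::Sub"]
        for name, value in variables.items():
            text = text.replace("${" + name + "}", resolve(value))
        return text
    return {key: resolve(value) for key, value in node.items()}

def trust_policy(federated, condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": federated},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

def first_template():
    """Fn::Sub is the whole value of StringEquals, so it resolves to one string."""
    return resolve(trust_policy(sub(ARN), {"StringEquals": sub(ISSUER + ":sub: " + SUBJECT)}))

def whole_document_sub():
    """Substitute into the JSON text so the condition key itself is templated."""
    text = json.dumps(trust_policy(ARN, {"StringEquals": {ISSUER + ":sub": SUBJECT}}))
    return json.loads(resolve(sub(text)))

def condition_problems(policy):
    """Report each condition operator whose body is not a {key: value} map."""
    return [f"Statement[{i}].Condition.{op} is {type(body).__name__}, expected a map"
            for i, stmt in enumerate(policy["Statement"])
            for op, body in stmt.get("Condition", {}).items()
            if not isinstance(body, dict)]

if __name__ == "__main__":
    print(condition_problems(first_template()))
    print(condition_problems(whole_document_sub()))
```

The `sub` condition is what limits the role to the cluster-autoscaler service account, so it is worth checking the resolved document for that key before deploying.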
