[英]How to use AWS CloudFormation pseudoparameter inside IAM Policy Document
我正在使用 AWS CloudFormation(基于 YAML)来部署 IAM 角色。 应该允许此角色部署其他 CloudFormation 资源,并拥有作为受信任实体部署到的 AWS 账户的根。 我正在尝试使用内置伪参数AWS::AccountId提供帐户 ID: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html#cfn-伪参数 accountid 。
这是我按照官方文档尝试过的: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html (仅显示我的 CFN 模板的resources部分) :
Resources:
IAMRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: ["sts:AssumeRole"]
Effect: Allow
Principal:
Service: [cloudformation.amazonaws.com]
AWS: arn:aws:iam::AWS::AccountId:root # <-- ERROR HERE !
由于 CloudFormation 堆栈中的Invalid principal (在 AWS 管理控制台中的Events下),这会导致MalformedPolicyDocument错误:
Invalid principal in policy: "AWS":"arn:aws:iam::AWS::AccountId:root" (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument
我尝试改变AWS Principal 值的语法:
校长的错误在哪里,如何纠正?
AWS CloudFormation:如何在 AWS::IAM::Policy 中引用另一个堆栈中定义的角色
[英]AWS CloudFormation: How to refer a role defined in another stack inside AWS::IAM::Policy
设置Lambda以创建不带IAM策略的AWS CloudFormation
[英]Setting up Lambda to Create AWS CloudFormation without IAM Policy
AWS IAM 策略基于父 Cloudformation 限制对资源的访问
[英]AWS IAM Policy restrict access to resources based on parent Cloudformation
如何使用 Terraform 创建没有代入角色策略的 AWS IAM 角色?
[英]How To Use Terraform To Create an AWS IAM Role with No Assume Role Policy?
如何在 python boto3 中获取 iam 用户的 aws 托管策略的策略文档?
[英]How to get policy document for aws managed policy of a iam user in python boto3?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.