
AWS CloudFormation: How to refer a role defined in another stack inside AWS::IAM::Policy

CloudFormation stack 1:

AWSTemplateFormatVersion: 2010-09-09
Metadata:
  'AWS::CloudFormation::Designer':
    c311c237-d7a4-4fac-a838-8a5a37a4b083:
      size:
        width: 60
        height: 60
      position:
        x: 127
        'y': 160
      z: 0
Resources:
  ECSRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [ecs.amazonaws.com]
            Action: ['sts:AssumeRole']
      Path: /
      Policies:
        - PolicyName: ecs-service
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - 'ec2:AttachNetworkInterface'
                  - 'ec2:CreateNetworkInterface'
                  - 'ec2:CreateNetworkInterfacePermission'
                  - 'ec2:DeleteNetworkInterface'
                  - 'ec2:DeleteNetworkInterfacePermission'
                  - 'ec2:Describe*'
                  - 'ec2:DetachNetworkInterface'
                  - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
                  - 'elasticloadbalancing:DeregisterTargets'
                  - 'elasticloadbalancing:Describe*'
                  - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
                  - 'elasticloadbalancing:RegisterTargets'
                Resource: '*'

Outputs:
  ECSTaskRoleId:
    Description: ECSRoleId
    Value: !GetAtt
      - ECSRole
      - RoleId
    Export:
      Name: !Join [ ':', [ !Ref 'AWS::StackName', ECSTaskRoleId ] ]
  ECSTaskRoleIdECSRole:
    Description: The ARN of the ECS role
    Value: !GetAtt 'ECSRole.Arn'
    Export:
      Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ECSRole' ] ]

Stack 2:

Resources:
  SNSRWPolicy:
    Type: 'AWS::IAM::Policy'
    Properties:
      Roles:   # the property is "Roles" (a list of role names)
        - Fn::ImportValue: 'testk2:ECSTaskRoleId'
      PolicyName: test-snspolicy
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action:
              - 'sns:Publish'
              - 'kms:Decrypt'
              - 'kms:GenerateDataKey'
            Resource: '*'   # added: every IAM statement needs a Resource; scope it to the topic/key ARNs
    Metadata:
      'AWS::CloudFormation::Designer':
        id: c5c7c890-30c7-470d-9233-57b8bd630856

I get the following error:

The role with name AROA3RRAFXNEDPVQKOLIW cannot be found. (Service: AmazonIdentityManagement; Status Code: 404; Error Code: NoSuchEntity; Request ID: d5ad937f-94c3-458e-a803-0c37258e05f1; Proxy: null)

How do I import the IAM::Role so that I can attach a policy to it from another stack? CloudFormation beginner :(

The problem is that the `Roles` property of `Type: 'AWS::IAM::Policy'` expects the role name, not the role ID.

CloudFormation is very particular about names versus IDs, so always make sure you reference the correct property.

Outputs:
  ECSTaskRole:
    Description: The ECSRole name
    Value: !Ref ECSRole   # Ref on an AWS::IAM::Role returns the role name
    Export:
      Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ECSTaskRole' ] ]

So when you export it, the name is exported, and `Fn::ImportValue` will correctly pick up that name.

Reference: AWS::IAM::Policy Roles property
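The corrected pair of templates, as an added example that is not part of the original question or answer: stack 1 exports the role name (what `Roles` needs) alongside the ARN, and stack 2 imports the name. Assumptions: stack 1 is deployed with the stack name `testk2` (the name implied by the original import), the two templates are separate files shown here as one YAML stream, and the SNS topic and KMS key ARNs are placeholders to replace with your own.

```yaml
# Stack 1 (assumed to be deployed as "testk2"): export the role NAME, not the RoleId.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  ECSRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: [ecs.amazonaws.com]
            Action: ['sts:AssumeRole']
Outputs:
  ECSTaskRole:
    Description: Role name; this is what AWS::IAM::Policy Roles expects
    Value: !Ref ECSRole            # Ref on an IAM role returns its name
    Export:
      Name: !Sub '${AWS::StackName}:ECSTaskRole'
  ECSTaskRoleArn:
    Description: Role ARN, for properties that take an ARN (e.g. an ECS task's TaskRoleArn)
    Value: !GetAtt ECSRole.Arn
    Export:
      Name: !Sub '${AWS::StackName}:ECSTaskRoleArn'
---
# Stack 2 (separate template file): import the NAME export into Roles.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  SNSRWPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: test-snspolicy
      Roles:
        - !ImportValue 'testk2:ECSTaskRole'   # resolves to the role name, not AROA... or an ARN
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: ['sns:Publish']
            # placeholder ARN: replace with the topic this role actually publishes to
            Resource: 'arn:aws:sns:us-east-1:123456789012:REPLACE_WITH_TOPIC_NAME'
          - Effect: Allow
            Action: ['kms:Decrypt', 'kms:GenerateDataKey']
            # placeholder ARN: replace with the CMK that encrypts that topic
            Resource: 'arn:aws:kms:us-east-1:123456789012:key/REPLACE_WITH_KEY_ID'
```

Deploy stack 1 first; once stack 2 imports the export, CloudFormation refuses to delete or change it while the import exists, which is the intended safety property of cross-stack references. The three values the first stack can hand out are easy to confuse: `!Ref ECSRole` is the name, `!GetAtt ECSRole.RoleId` is the `AROA...` identifier that produced the `NoSuchEntity` error above, and `!GetAtt ECSRole.Arn` is the ARN; `AWS::IAM::Policy` `Roles` accepts only the first. The original stack 2 statement also omitted `Resource`, which IAM requires, and scoping it to the specific topic and key ARNs rather than `'*'` keeps the policy attached to the shared ECS role from granting more than the workload needs.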
