
amazon-web-services - How to debug a CloudFormation template? Syntax errors in policy. YAML file

Reposted. Author: 行者123. Updated: 2023-12-02 20:17:59

The error I get when deploying the stack:

Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 

This is my role policy that causes the error:

  roleEc2:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - 'ec2.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Path: '/'
      Policies:
        -
          PolicyName: 'bucket-access'
          PolicyDocument:
            Version: '2012-10-17'
            Id: 'BucketPolicy'
            Statement:
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:GetObject
                  - s3:GetBucketLocation
                Resource:
                  - arn:aws:s3:::code-dir
                  - arn:aws:s3:::code-dir/*
                Principal: !Ref BucketPrincipal

And I don't know how to debug it; I don't know how to work out where the error is or on which line number.

Best answer

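(I know this is a year later, but still...) A good tool I like to use is cfn-lint: https://github.com/aws-cloudformation/cfn-python-lint Run it against your template and it will show you what you did wrong on which line:

The problems in your code: the first four lines are missing, and you can't have a Principal (the last line) in an IAM policy.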

---
AWSTemplateFormatVersion: '2010-09-09'
Description: AoD CloudFormation Template Detective Controls
Resources:
  roleEc2:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - 'ec2.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Path: '/'
      Policies:
        -
          PolicyName: 'bucket-access'
          PolicyDocument:
            Version: '2012-10-17'
            Id: 'BucketPolicy'
            Statement:
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:GetObject
                  - s3:GetBucketLocation
                Resource:
                  - arn:aws:s3:::code-dir
                  - arn:aws:s3:::code-dir/*
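
The IAM error carries no line number, so a pre-deployment check has to name the offending statement itself. The following is an added example, not code from the original post or from cfn-lint: it walks a template and reports every `Principal` placed in an identity-based policy, generalizing beyond the role in the question to the other IAM resource types that carry such policies. The template is the question's role rewritten as JSON (constructed, so only the standard library is needed); `find_principal_misuse` and `IDENTITY_TYPES` are hypothetical names.

```python
import json

# Constructed sample: the question's role as CloudFormation JSON (no YAML dependency).
TEMPLATE = json.loads("""
{"Resources": {"roleEc2": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [{"Effect": "Allow",
                     "Principal": {"Service": ["ec2.amazonaws.com"]},
                     "Action": ["sts:AssumeRole"]}]},
    "Policies": [{
      "PolicyName": "bucket-access",
      "PolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": ["s3:ListBucket", "s3:GetObject", "s3:GetBucketLocation"],
                       "Resource": ["arn:aws:s3:::code-dir", "arn:aws:s3:::code-dir/*"],
                       "Principal": {"Ref": "BucketPrincipal"}}]}}]}}}}
""")

# Resource types whose Policies / PolicyDocument are identity-based policies.
IDENTITY_TYPES = {"AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group",
                  "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}

def find_principal_misuse(template):
    """Return the paths of Principal/NotPrincipal keys inside identity-based policies."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") not in IDENTITY_TYPES:
            continue
        props = res.get("Properties", {})
        # The trust policy (AssumeRolePolicyDocument) is skipped: a Principal belongs there.
        docs = [(f"{name}.Policies[{i}].PolicyDocument", p.get("PolicyDocument", {}))
                for i, p in enumerate(props.get("Policies", []))]
        if "PolicyDocument" in props:
            docs.append((f"{name}.PolicyDocument", props["PolicyDocument"]))
        for path, doc in docs:
            stmts = doc.get("Statement", [])
            for j, st in enumerate(stmts if isinstance(stmts, list) else [stmts]):
                for key in ("Principal", "NotPrincipal"):
                    if key in st:
                        findings.append(f"{path}.Statement[{j}].{key}")
    return findings

if __name__ == "__main__":
    for f in find_principal_misuse(TEMPLATE):
        print("Principal not allowed in identity-based policy:", f)
```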

Regarding amazon-web-services - How to debug a CloudFormation template? Syntax errors in policy. YAML file, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/51982920/
