gpt4 book ai didi

amazon-web-services - 云形成策略生成不正确

转载 作者:行者123 更新时间:2023-12-03 07:31:03 25 4
gpt4 key购买 nike

云形成不会按照模板中的描述生成我的策略。

我想在我的角色中创建/重新创建这个确切的策略。

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"cloudWatch:ListDashboards"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "cloudwatch:GetDashboard",
"Resource": "arn:aws:cloudwatch::xxxx:dashboard/test"
}
]
}

这是我的云形成模板(请参阅政策):

  CustomResourceRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName:
!Sub
- Cloudwatch${PolicyCustomName}DashboardAccessPolicy
- { PolicyCustomName: !Ref Tenant }
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: [
"cloudWatch:ListDashboards"
]
Resource: '*'
Action: 'cloudwatch:GetDashboard'
Resource: 'arn:aws:cloudwatch::xxxx:dashboard/Test'
RootInstanceProfile:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Path: /
Roles:
- !Ref CustomResourceRole

但是,这不会生成所需的策略。我得到以下输出,缺少我所需策略的第一部分,为什么?

{
"Version": "2012-10-17",
"Statement": [
{
"Action": "cloudwatch:GetDashboard",
"Resource": "arn:aws:cloudwatch::xxxx:dashboard/Test",
"Effect": "Allow"
}
]
}

最佳答案

您为同一个 Statement 提供了两个 Action,Cloud Formation 引擎使用了后者,覆盖了 cloudWatch:ListDashboards

由于Statement是一个列表,因此您可以编写两个语句:

  CustomResourceRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName:
!Sub
- Cloudwatch${PolicyCustomName}DashboardAccessPolicy
- { PolicyCustomName: !Ref Tenant }
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: "cloudWatch:ListDashboards"
Resource: '*'
- Effect: Allow
Action: 'cloudwatch:GetDashboard'
Resource: 'arn:aws:cloudwatch::xxxx:dashboard/Test'
RootInstanceProfile:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Path: /
Roles:
- !Ref CustomResourceRole

关于amazon-web-services - 云形成策略生成不正确,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63561976/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com