aws-cloudformation - AWS : cloudformation: How to pass the role arn to instanceprofile

Question

我的目标是创建一个具有管理员已为我创建的特定角色的 EC2 实例。

# in mumbai region (working)
Resources:
  MyNewEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0fcbc9ed97efe271e
      InstanceType: t2.micro
      SubnetId: subnet-fc2df495
      KeyName: sant-test
      IamInstanceProfile: !Ref Ec2InstanceProfile

  Ec2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - "arn:aws:iam::yyyyyyy:role/xxxxx"

当我运行上述 cloudformation 时，出现以下错误

Resource handler returned message: "The specified value for roleName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-

如何解决这个问题。

我尝试仅使用角色名称

# in mumbai region (working)
Resources:
  MyNewEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0fcbc9ed97efe271e
      InstanceType: t2.micro
      SubnetId: subnet-fc2df495
      KeyName: sant-test
      IamInstanceProfile: !Ref Ec2InstanceProfile

  Ec2InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: "/"
      Roles:
        - "xxxxx"

现在我看到堆栈卡在资源创建启动时

Answer 1

这可能需要“Ref”作为键，角色名称作为值。请参阅本文末尾的示例 AWS documentation .

更新:请忽略上面这句话。我想你可以引用这个answer了解关联 JSON 格式的现有 IAM 角色的正确语法。如果我们将其转换为YAML格式，语法应该是:

Instanceprofile:    
    Type: 'AWS::IAM::InstanceProfile'    
    Properties:      
      Path: /      
      Roles:        
        - MyExistingRole