
amazon-web-services - CloudFormation is unable to create a resource policy for apigateway

Repost. Author: 行者123. Updated: 2023-12-04 08:13:44

The resource policy works fine when I pass it directly in the console. Below is the resource policy example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:us-west-2:339159142535:ooxmwl6q4e/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "14.98.8.190/32"
                    ]
                }
            }
        }
    ]
}

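Now, how do I create a CloudFormation template that creates this and attaches it to the API Gateway?

I tried to create a policy, but according to the new policy, "Principal" is deprecated.

I also created a role, but it did not help. Below is the role snippet: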

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "Apifirewall": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    "apigateway.amazonaws.com"
                                ]
                            },
                            "Action": [
                                "sts:AssumeRole"
                            ]
                        }
                    ]
                },
                "Policies": [
                    {
                        "PolicyName": "Apifirewall",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": "*",
                                    "Resource": [
                                        "arn:aws:execute-api:us-west-2:339159142535:ooxmwl6q4e/*"
                                    ],
                                    "Condition": {
                                        "IpAddress": {
                                            "aws:SourceIp": [
                                                "14.98.8.190/32"
                                            ]
                                        }
                                    }
                                }
                            ]
                        }
                    }
                ]
            }
        }
    },
    "Outputs": {
        "Apifirewall": {
            "Value": {
                "Fn::GetAtt": [
                    "Apifirewall",
                    "Arn"
                ]
            }
        }
    }
}

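Best answer

An API Gateway resource policy is not bound to an IAM policy; it is a different kind of resource.

So, to implement it on a RestApi, you should use the Policy parameter on the AWS::ApiGateway::RestApi resource:
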
{
    "Type" : "AWS::ApiGateway::RestApi",
    "Properties" : {
        "ApiKeySourceType" : String,
        "BinaryMediaTypes" : [ String, ... ],
        "Body" : JSON object,
        "BodyS3Location" : S3Location,
        "CloneFrom" : String,
        "Description" : String,
        "EndpointConfiguration" : EndpointConfiguration,
        "FailOnWarnings" : Boolean,
        "MinimumCompressionSize" : Integer,
        "Name" : String,
        "Parameters" : { String:String, ... },
        "Policy" : JSON object
    }
}
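
Applied to the question's policy, the Policy property could be filled in as in the template below. This is an added example, not code from the original post: the logical ID FirewalledApi and the name firewalled-api are hypothetical, and the Resource uses API Gateway's execute-api:/* shorthand so the policy does not have to reference the API's own ID from inside its own definition.

```json
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Added example, not from the original post. REST API that only the listed source IP may invoke. Logical ID and Name are hypothetical.",
    "Resources": {
        "FirewalledApi": {
            "Type": "AWS::ApiGateway::RestApi",
            "Properties": {
                "Name": "firewalled-api",
                "Policy": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": "*",
                            "Action": "execute-api:Invoke",
                            "Resource": "execute-api:/*",
                            "Condition": {
                                "IpAddress": {
                                    "aws:SourceIp": [
                                        "14.98.8.190/32"
                                    ]
                                }
                            }
                        }
                    ]
                }
            }
        }
    },
    "Outputs": {
        "RestApiId": {
            "Value": {
                "Ref": "FirewalledApi"
            }
        }
    }
}
```

A change to the resource policy only takes effect on a stage after the API is deployed to that stage again, so a policy update should be followed by a new deployment.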

Regarding amazon-web-services - CloudFormation is unable to create a resource policy for apigateway, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55613809/
