gpt4 book ai didi

amazon-web-services - AWS Cloudformation 角色无权对角色执行 AssumeRole

转载 作者:行者123 更新时间:2023-12-04 12:56:47 25 4
gpt4 key购买 nike

我正在尝试执行包含以下资源的 cloudformation 堆栈:

  • 代码构建项目
  • Codepipeline 管道
  • 所需角色

尝试执行堆栈时,失败并出现以下错误:

arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole is not authorized to perform AssumeRole on role arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole (Service: AWSCodePipeline; Status Code: 400; Error Code: InvalidStructureException; Request ID: 7de2b1c6-a432-47e6-8208-2c0072ebaf4b)

我使用托管策略创建了该角色,但我已经尝试过使用普通策略,但它也不起作用。

这是角色政策:

CodePipelinePolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: 'This policy grants permissions to a service role to enable Codepipeline to use multiple AWS Resources on the users behalf'
Path: "/"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Resource: "*"
Effect: "Allow"
Condition: {}
Action:
- autoscaling:*
- cloudwatch:*
- cloudtrail:*
- cloudformation:*
- codebuild:*
- codecommit:*
- codedeploy:*
- codepipeline:*
- ec2:*
- ecs:*
- ecr:*
- elasticbeanstalk:*
- elasticloadbalancing:*
- iam:*
- lambda:*
- logs:*
- rds:*
- s3:*
- sns:*
- ssm:*
- sqs:*
- kms:*

这就是角色

CodePipelineRole:
Type: "AWS::IAM::Role"
Properties:
RoleName: !Sub ${EnvironmentName}-CodePipelineRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- 'sts:AssumeRole'
Effect: Allow
Principal:
Service:
- codepipeline.amazonaws.com
Path: /
ManagedPolicyArns:
- !Ref CodePipelinePolicy

最让我感兴趣的是,CodePipelineRole 似乎正在尝试自行承担角色。我不明白这里会发生什么。

当我将策略的操作设置为 * 时,它起作用了!我不知道可能缺少哪些权限。

谢谢

最佳答案

这与您创建的角色(即 CodePipelineRole)的信任关系有关

  1. 转到 IAM 中的角色

  2. 选择“信任关系”选项卡...

  3. 然后编辑信任关系以包含 codepipeline

      "Version": "2012-10-17",
    "Statement": [
    {
    "Effect": "Allow",
    "Principal": {
    "Service": [
    "codepipeline.amazonaws.com"
    ]
    },
    "Action": "sts:AssumeRole"
    }
    ]
    }```

关于amazon-web-services - AWS Cloudformation 角色无权对角色执行 AssumeRole,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53436197/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com