gpt4 book ai didi

amazon-web-services - 将策略附加到 IAM 角色

转载 作者:行者123 更新时间:2023-12-05 03:10:00 24 4
gpt4 key购买 nike

以下 cloudformation 模板在第 9 行给出错误:

{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Policy to allow send receive message from SQS Queue",
"Resources" : {
"MyPolicy" : {
"Type" : "AWS::IAM::Policy",
"Properties" : {
"PolicyName" : "CFUsers",
"Roles": [ { "arn:aws:iam::710161973367:role/Cognito_CFIAuth_Role" } ],
"PolicyDocument" : {
"Version" : "2012-10-17",
"Statement": [
{
"Sid": "Sid1482400105445",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::710161973367:role/Cognito_CFIAuth_Role"
},
"Action": [
"SQS:SendMessage",
"SQS:ReceiveMessage",
"SQS:DeleteMessage",
"SQS:GetQueueUrl"
],
"Resource": "arn:aws:sqs:ap-south-1:710161973367:CFI-Trace"
}
]
}
}
}
}

我希望角色 Cognito_CFIAuth_Role 在 SQS 队列 CFI-Trace 上具有消息发送/读取/删除权限。如何将SQS操作权限附加到IAM角色?

最佳答案

首先,第 9 行包含 JSON 语法错误,应删除 Role 字符串周围的括号 {}:

        "Roles": [ "arn:aws:iam::710161973367:role/Cognito_CFIAuth_Role" ],

第二,AWS::IAM::PolicyRoles属性接受“要附加到此策略的 AWS::IAM::Role名称”,而不是完整的 ARN,因此您的行应该是:

        "Roles": [ "Cognito_CFIAuth_Role" ],

您还需要在示例末尾缺少右括号 }

关于amazon-web-services - 将策略附加到 IAM 角色,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41435059/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com