个人中心
gpt4 book ai didi

aws-cloudformation - IAM 策略 : MalformedPolicyDocument: Syntax errors in policy

转载 作者:行者123 更新时间:2023-12-05 06:39:20 27 4
gpt4 key购买 nike

我能够成功运行包含以下代码片段的 cloudformation 堆栈,现在我的最终目标是将其移植到 Terraform,但是..

即使在 AWS 控制台中,我也收到格式错误的语法错误。我尝试使用 AWS 控制台的“策略编辑器”并单击“验证”按钮来调试此问题,但错误并不具体。有人知道我做错了什么吗?这很奇怪,因为当我部署 cloudformation 堆栈模板时,这个策略似乎起作用了。 (顺便说一句,如果有帮助的话,这是来自 GorillaStack 的 AutoTagging 项目)

此策略包含以下错误:策略中存在语法错误。有关 IAM 策略语法的更多信息,请参阅 AWS IAM 策略。

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Resource": "arn:aws:logs:*:*:*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:ListBucket"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "cloudformation:DescribeStackResource"
          ],
          "Resource": [
            { "Fn::Join": [ "", [ "arn:aws:cloudformation:", { "Ref" : "AWS::Region" }, ":", { "Ref" : "AWS::AccountId" }, ":stack/autotag/*" ] ] }
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "sts:*"
          ],
          "Resource": [
            { "Fn::GetAtt" : [ "AutoTagMasterRole", "Arn" ] }
          ]
        }
      ]
    }

我的 terraform 配置具有以下资源(包含上面的代码片段)

 resource "aws_iam_role_policy" "AutoTagExecutionPolicy" {
   name = "AutoTagExecutionPolicy"
   role = "${aws_iam_role.AutoTagExecutionRole.id}"

   policy = <<EOF
   <-THE POLICY ABOVE GOES HERE->
 EOF
 }

最佳答案

您需要将 Cloudformation 函数转换为 terraform 脚本中的变量。

data "aws_iam_policy_document" "example" {
  statement {
    sid    = "allow logs"
    effect = "Allow"

    action = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]

    Resources = [
      "arn:aws:logs:*:*:*",
    ]
  }

  statement {
    sid    = "allow s3"
    effect = "Allow"

    action = [
      "s3:GetObject",
      "s3:ListBucket",
    ]

    resource = [
      "*",
    ]
  }

  statement {
    sid = "allow cfn"

    effect = "Allow"

    action = [
      "cloudformation:DescribeStackResource",
    ]

    resource = [
      "${var.cfn_stack}",
    ]
  }

  statement {
    sid    = "allow sts"
    effect = "Allow"

    action = [
      "sts:*",
    ]

    resource = [
      "${var.AutoTagMasterRole_arn}",
    ]
  }
}

然后

resource "aws_iam_policy" "example" {
  name   = "example_policy"
  path   = "/"
  policy = "${data.aws_iam_policy_document.example.json}"
}

https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html

https://www.terraform.io/docs/configuration/interpolation.html

关于aws-cloudformation - IAM 策略 : MalformedPolicyDocument: Syntax errors in policy,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44709341/

27 4 0
文章推荐: Java - 泛型类的集合,每个类都有不同的泛型类型
文章推荐: vuejs2 - 无法在 Vuejs 2 中使用 vuetable-2 检索数据
文章推荐: android - TalkBack:防止选择被遮挡的 View
文章推荐: Python valueError 使用 hstack() (ValueError : all the input array dimensions except for the concatenation axis must match exactly)
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com