使用AWS创建新的IAM角色时创建自定义信任策略
使用AWS创建新的IAM角色时创建自定义信任策略
提问于 2022-04-27 06:59:06
我试图为我通过AWS创建的IAM角色创建一个自定义信任策略。下面是我正在尝试实现的JSON。不确定“定制”是否是正确的术语,但它不是新的iam.ServicePrincipal类。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXX:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "XXXXX"
}
}
}
]
}我试着在我的构建中遵循,但它一直在我身上失败,下面的错误。
const externalPolicyDocument = {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXXX:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "XXXX"
}
}
}
]
}
const jsonCustomDocument = iam.PolicyDocument.fromJson(externalPolicyDocument);
new iam.Role(this, `${kinesisData.iamRole}`, {
//assumedBy: new iam.ServicePrincipal(`kinesis.amazonaws.com`),
assumedBy: jsonCustomDocument,
description: `${kinesisData.iamDescription}`,
roleName: `${kinesisData.iamRoleName}`,
inlinePolicies: {
kinesisPolicy: kinesisIAMStatement,
kmsPolicy: kinesisKMS
}
})下面是我遇到的错误:
/home/ubuntu/workspace/Twilio-CDK-EventSink/devops/aws-cdk/node_modules/@aws-cdk/aws-iam/lib/policy-statement.js:141
util_1.mergePrincipal(this.principal, fragment.principalJson);
^
TypeError: Cannot read property 'principalJson' of undefined
at AwsStarStatement.addPrincipals (/home/ubuntu/workspace/Twilio-CDK-EventSink/devops/aws-cdk/node_modules/@aws-cdk/aws-iam/lib/policy-statement.js:141:60)
at createAssumeRolePolicy (/home/ubuntu/workspace/Twilio-CDK-EventSink/devops/aws-cdk/node_modules/@aws-cdk/aws-iam/lib/role.js:317:15)
at new Role (/home/ubuntu/workspace/Twilio-CDK-EventSink/devops/aws-cdk/node_modules/@aws-cdk/aws-iam/lib/role.js:64:33)
at new kinesisSinkBuild (/home/ubuntu/workspace/Twilio-CDK-EventSink/devops/aws-cdk/resources/kinesis_build.js:77:9)
at new MainStack (/home/ubuntu/workspace/Twilio-CDK-EventSink/devops/aws-cdk/lib/aws-cdk-stack.js:18:26)
at Object.<anonymous> (/home/ubuntu/workspace/Twilio-CDK-EventSink/devops/aws-cdk/bin/aws-cdk.js:28:1)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
at Function.Module._load (internal/modules/cjs/loader.js:790:12)
Subprocess exited with error 1回答 1
Stack Overflow用户
回答已采纳
发布于 2022-04-27 09:53:29
定义具有条件的帐户校长:
assumedBy: new iam.AccountPrincipal('123456789012').withConditions({
StringEquals: {
'sts:ExternalId': 'XXXX',
},
});页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/72024530
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号