
CloudFormation policy generation error

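Stack Overflow user
Asked on 2020-08-24 13:25:28
Answers: 1, Views: 47, Following: 0, Votes: 0

CloudFormation does not generate my policy as described in the template.

I want to create/recreate this exact policy in my role.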

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cloudWatch:ListDashboards"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "cloudwatch:GetDashboard",
            "Resource": "arn:aws:cloudwatch::xxxx:dashboard/test"
        }
    ]
}

Here is my CloudFormation template (see the policy):

  CustomResourceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
              - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName:
            !Sub
              - Cloudwatch${PolicyCustomName}DashboardAccessPolicy
              - { PolicyCustomName: !Ref Tenant }
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: [
                "cloudWatch:ListDashboards"
            ]
                Resource: '*'
                Action: 'cloudwatch:GetDashboard'
                Resource: 'arn:aws:cloudwatch::xxxx:dashboard/Test'
  RootInstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Path: /
      Roles:
        - !Ref CustomResourceRole

However, this does not generate the desired policy. I lose the first part of the policy I want. Why?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "cloudwatch:GetDashboard",
            "Resource": "arn:aws:cloudwatch::xxxx:dashboard/Test",
            "Effect": "Allow"
        }
    ]
}

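1 Answer

Stack Overflow user

Accepted answer

Posted on 2020-08-24 13:37:02

You provided two Statements for the same Action, and the CloudFormation engine used the latter, overriding cloudWatch:ListDashboards.

Since Statement is a list, you can write the two statements as follows: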

  CustomResourceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
              - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName:
            !Sub
              - Cloudwatch${PolicyCustomName}DashboardAccessPolicy
              - { PolicyCustomName: !Ref Tenant }
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: "cloudWatch:ListDashboards"
                Resource: '*'
              - Effect: Allow
                Action: 'cloudwatch:GetDashboard'
                Resource: 'arn:aws:cloudwatch::xxxx:dashboard/Test'
  RootInstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Path: /
      Roles:
        - !Ref CustomResourceRole
Votes: 2
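A pre-deployment check for the silent override described in the answer above, as an added example that is not part of the original question or answer: it scans a block-style template for keys repeated inside one mapping, which is how the first `Action`/`Resource` pair was lost. The names `find_duplicate_keys`, `KEY_RE` and `BROKEN` are hypothetical, and the scanner is an indentation heuristic, not a full YAML parser.

```python
import re

# Block-style mapping key, e.g. `Action:` or `"Action": value`.
KEY_RE = re.compile(r"""^['"]?([\w.-]+)['"]?:(?:\s|$)""")

def find_duplicate_keys(yaml_text):
    """Return (line_no, key, first_line_no) for keys repeated in one mapping.

    Indentation heuristic for block-style YAML, not a YAML parser. Assumes
    space indentation and no multi-line scalars that contain `key: ` text.
    """
    stack = []       # open mappings: (indent, {key: first_line_no})
    duplicates = []
    for line_no, raw in enumerate(yaml_text.splitlines(), 1):
        text = raw.lstrip(" ")
        if not text or text.startswith("#"):
            continue
        indent = len(raw) - len(text)
        new_item = text.startswith("- ")
        if new_item:
            # A list item closes every mapping nested deeper than its dash.
            while stack and stack[-1][0] > indent:
                stack.pop()
            text = text[2:].lstrip(" ")
            indent = len(raw) - len(text)  # column of the item's content
        match = KEY_RE.match(text)
        if not match:
            continue
        key = match.group(1)
        while stack and stack[-1][0] > indent:
            stack.pop()
        if new_item or not stack or stack[-1][0] != indent:
            stack.append((indent, {}))     # first key of a new mapping
        seen = stack[-1][1]
        if key in seen:
            duplicates.append((line_no, key, seen[key]))
        else:
            seen[key] = line_no
    return duplicates

# Constructed sample: the policy statement from the question, shortened.
BROKEN = """\
PolicyDocument:
  Statement:
    - Effect: Allow
      Action: "cloudWatch:ListDashboards"
      Resource: '*'
      Action: 'cloudwatch:GetDashboard'
      Resource: 'arn:aws:cloudwatch::xxxx:dashboard/Test'
"""
```

Running `find_duplicate_keys` on a template before deployment flags every statement where a missing `- ` would otherwise merge two statements into one.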
Original page content provided by Stack Overflow.
Original link:

https://stackoverflow.com/questions/63561976
