将多个IAM内联策略从cloudformation附加到同一角色

Question

我正在检查我们是否可以将多个IAM策略附加到云形成中。我已经附加了托管策略，并且我能够附加和内联策略，但我想检查是否可以附加多个内联策略。

我想要附加到相同的角色

1)托管策略2)内联策略-1 3)内联策略-2

谢谢Nataraj

Answer 1

这是完全可能的。相关字段为ManagedPolicyArns和Policies。

Resources: 
  RootRole: 
    Type: "AWS::IAM::Role"
    Properties: 
      AssumeRolePolicyDocument: 
        Version: "2012-10-17"
        Statement: 
          - Effect: "Allow"
            Principal: 
              Service: 
                - "ec2.amazonaws.com"
            Action: 
              - "sts:AssumeRole"
      Path: "/"
      ManagedPolicyArns:
        - 'arn:aws:iam::ACCOUNT_ID:policy/myname/ManagedPolicy'
      Policies: 
        - PolicyName: "Inline Policy 1"
          PolicyDocument: 
            Version: "2012-10-17"
            Statement: 
              - Effect: "Allow"
                Action: "*"
                Resource: "*"
        - PolicyName: "Inline Policy 2"
          PolicyDocument: 
            Version: "2012-10-17"
            Statement: 
              - Effect: "Allow"
                Action: "*"
                Resource: "*"

有关更多详细信息/标注，请查看文档：https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html