Amazon cloudformation 尝试删除参数时出现lambda错误

我使用本文创建了我的堆栈

但是得到一个错误：

用户： arn:aws:sts:：xxx:假定角色/deleteCurrent-DeleteAfter-DeleteCFNLambdaExecution-T1WHQG2UTLWM/DeleteCFNLambda deleteCurrent 未授权对资源执行：ssm:delete参数： arn:aws:ssm:us-east-1:xxx:parameter/CFN-DemoParameter-plOl5Hg4QuI5 （服务：AmazonSM；状态代码：400；错误代码： AccessDeniedException

模板可以在这里查看

---

任何更正错误的建议都将不胜感激。

错误表示您的lambda执行角色没有执行

ssm:DeleteParameter

角色的权限。因此，您可以将缺少的权限添加到lambda角色：

Resources:
  DeleteCFNLambdaExecutionRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: "Allow"
          Principal:
            Service: ["lambda.amazonaws.com"]
          Action: "sts:AssumeRole"
      Path: "/"
      Policies:
      - PolicyName: "lambda_policy"
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          - Effect: "Allow"
            Action:
            - "logs:CreateLogGroup"
            - "logs:CreateLogStream"
            - "logs:PutLogEvents"
            Resource: "arn:aws:logs:*:*:*"
          - Effect: "Allow"
            Action:
            - "cloudformation:DeleteStack"
            Resource: !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${StackName}/*"
          - Effect: "Allow"
            Action:
            - "ssm:DeleteParameter"
            Resource: "*"      

---

您确定错误来自

delete\u after\u 5m.template

？我似乎没有看到任何删除任何ssm参数的调用。另一个尝试删除此模板的嵌套模板没有这样做的权限。