Amazon cloudformation 尝试删除参数时出现lambda错误
我使用本文创建了我的堆栈 但是得到一个错误: 用户: arn:aws:sts::xxx:假定角色/deleteCurrent-DeleteAfter-DeleteCFNLambdaExecution-T1WHQG2UTLWM/DeleteCFNLambda deleteCurrent 未授权对资源执行:ssm:delete参数: arn:aws:ssm:us-east-1:xxx:parameter/CFN-DemoParameter-plOl5Hg4QuI5 (服务:AmazonSM;状态代码:400;错误代码: AccessDeniedException 模板可以在这里查看Amazon cloudformation 尝试删除参数时出现lambda错误,amazon-cloudformation,Amazon Cloudformation,我使用本文创建了我的堆栈 但是得到一个错误: 用户: arn:aws:sts::xxx:假定角色/deleteCurrent-DeleteAfter-DeleteCFNLambdaExecution-T1WHQG2UTLWM/DeleteCFNLambda deleteCurrent 未授权对资源执行:ssm:delete参数: arn:aws:ssm:us-east-1:xxx:parameter/CFN-DemoParameter-plOl5Hg4QuI5 (服务:AmazonSM;状态代
任何更正错误的建议都将不胜感激。错误表示您的lambda执行角色没有执行
ssm:DeleteParameter
角色的权限。因此,您可以将缺少的权限添加到lambda角色:
Resources:
DeleteCFNLambdaExecutionRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
Service: ["lambda.amazonaws.com"]
Action: "sts:AssumeRole"
Path: "/"
Policies:
- PolicyName: "lambda_policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "logs:CreateLogGroup"
- "logs:CreateLogStream"
- "logs:PutLogEvents"
Resource: "arn:aws:logs:*:*:*"
- Effect: "Allow"
Action:
- "cloudformation:DeleteStack"
Resource: !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${StackName}/*"
- Effect: "Allow"
Action:
- "ssm:DeleteParameter"
Resource: "*"
您确定错误来自
delete\u after\u 5m.template
?我似乎没有看到任何删除任何ssm参数的调用。另一个尝试删除此模板的嵌套模板没有这样做的权限。