Amazon S3 CloudBucketPolicy stuck in creating. Creation never completes

Tags: amazon-s3, amazon-cloudformation

CloudFormation creates an S3 bucket together with a user, a user access key and a bucket policy. It should create the stack and output the user access key needed to use the created S3 bucket via the SDK. When I try to reference the BucketUser ARN in the BucketPolicy Principal, the bucket policy is stuck in the creating stage forever.

CloudFormation succeeds with:

```yaml
BucketPolicy: ... Principal: "*"
```

but the BucketPolicy resource is stuck in creating forever with:

```yaml
BucketPolicy: ... Principal: !GetAtt BucketUser.Arn
```

It works when:

```yaml
BucketPolicy: ... Principal: "*"
```

Desired template:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Creates bucket with bucket policy"
#Metadata: 
Parameters:
  app:
    Type: String
    Description: (required) Application name (Also used for bucket name. Follow S3 bucket name conventions)
    Default: ymessage-bucket-test
Resources:
  BucketUser:
    Type: "AWS::IAM::User"
    Properties: 
      UserName: !Ref app
  UserAccessKey:
    Type: "AWS::IAM::AccessKey"
    Properties: 
      Status: Active
      UserName: !Ref app
    DependsOn: BucketUser
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref app
  BucketPolicy:
      Type: "AWS::S3::BucketPolicy"
      Properties: 
        Bucket: !Ref app
        PolicyDocument: 
          Statement: 
            - 
              Action: 
                - "s3:*"
              Effect: "Allow"
              Resource: 
                Fn::Join: 
                  - ""
                  - 
                    - "arn:aws:s3:::"
                    - !Ref app
                    - "/*"
              Principal: !GetAtt BucketUser.Arn
      DependsOn: BucketUser
Outputs:
  AccessKeyId:
    Value: !Ref UserAccessKey
  AccessKeySecret:
    Value: !GetAtt UserAccessKey.SecretAccessKey
  BucketURL:
    Value: !GetAtt Bucket.WebsiteURL
  BucketUserArn:
    Value: !GetAtt BucketUser.Arn
```

Working template:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Creates bucket with bucket policy"
#Metadata: 
Parameters:
  app:
    Type: String
    Description: (required) Application name (Also used for bucket name. Follow S3 bucket name conventions)
    Default: ymessage-bucket-test
Resources:
  BucketUser:
    Type: "AWS::IAM::User"
    Properties: 
      UserName: !Ref app
  UserAccessKey:
    Type: "AWS::IAM::AccessKey"
    Properties: 
      Status: Active
      UserName: !Ref app
    DependsOn: BucketUser
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref app
  BucketPolicy:
      Type: "AWS::S3::BucketPolicy"
      Properties: 
        Bucket: !Ref app
        PolicyDocument: 
          Statement: 
            - 
              Action: 
                - "s3:*"
              Effect: "Allow"
              Resource: 
                Fn::Join: 
                  - ""
                  - 
                    - "arn:aws:s3:::"
                    - !Ref app
                    - "/*"
              Principal: "*"
      DependsOn: BucketUser
Outputs:
  AccessKeyId:
    Value: !Ref UserAccessKey
  AccessKeySecret:
    Value: !GetAtt UserAccessKey.SecretAccessKey
  BucketURL:
    Value: !GetAtt Bucket.WebsiteURL
  BucketUserArn:
    Value: !GetAtt BucketUser.Arn
```

Found the problem: in the BucketPolicy, `Principal: "*"` is accepted directly, but if you want to use an ARN, do it like this:

```yaml
Principal: 
  AWS: 
    - !GetAtt BucketUser.Arn
```
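As an added example (not code from the question or the answer), the following Python script applies the answer's fix programmatically and shows why the "working" template was not a safe workaround. It represents the two PolicyDocuments as CloudFormation would resolve them, with `!GetAtt BucketUser.Arn` replaced by a constructed placeholder ARN in a hypothetical account `123456789012`; the `normalize_principal`, `normalize_policy` and `audit_public_allows` functions are this example's own and not part of any AWS library. `normalize_principal` rewrites a bare ARN string into the `AWS:` map form the answer gives, and `audit_public_allows` flags what the working template actually deployed: an `Allow` of `s3:*` on every object to every principal, not just `BucketUser`.

```python
import copy
import re

# Constructed placeholder: what !GetAtt BucketUser.Arn would resolve to for the
# page's "ymessage-bucket-test" user in a hypothetical account 123456789012.
EXAMPLE_USER_ARN = "arn:aws:iam::123456789012:user/ymessage-bucket-test"
BUCKET_ARN = "arn:aws:s3:::ymessage-bucket-test"

# Principal strings that name an AWS account or IAM identity:
# a 12-digit account id, or an IAM root/user/role ARN.
AWS_PRINCIPAL_RE = re.compile(
    r"^(\d{12}|arn:aws[a-zA-Z-]*:iam::\d{12}:(root|user/.+|role/.+))$"
)
PRINCIPAL_KEYS = ("AWS", "Service", "Federated", "CanonicalUser")


def normalize_principal(principal):
    """Return a Principal in the shape the policy grammar accepts.

    A bare string is legal only as the wildcard "*". An IAM ARN given as a bare
    string (the page's `Principal: !GetAtt BucketUser.Arn`) is rewritten to the
    answer's form, {"AWS": [arn]}. Map values are normalized so each key holds a list.
    """
    if principal == "*":
        return "*"
    if isinstance(principal, str):
        if not AWS_PRINCIPAL_RE.match(principal):
            raise ValueError(f"bare Principal must be '*' or an AWS identity: {principal!r}")
        return {"AWS": [principal]}
    if isinstance(principal, dict):
        normalized = {}
        for key, value in principal.items():
            if key not in PRINCIPAL_KEYS:
                raise ValueError(f"unsupported Principal key {key!r}")
            normalized[key] = [value] if isinstance(value, str) else list(value)
        return normalized
    raise TypeError(f"Principal must be '*' or a map, got {type(principal).__name__}")


def normalize_policy(policy_document):
    """Return a deep copy of the policy with every statement's Principal normalized."""
    doc = copy.deepcopy(policy_document)
    statements = doc["Statement"]
    if isinstance(statements, dict):  # a single statement may be given as a map
        statements = [statements]
        doc["Statement"] = statements
    for stmt in statements:
        if "Principal" in stmt:
            stmt["Principal"] = normalize_principal(stmt["Principal"])
    return doc


def is_anonymous(principal):
    """True when the Principal matches every caller (Principal "*" or AWS: "*")."""
    normalized = normalize_principal(principal)
    return normalized == "*" or "*" in normalized.get("AWS", [])


def audit_public_allows(policy_document):
    """List Allow statements granted to everyone with no Condition to narrow them.

    This is what the page's "working" template produces: s3:* on every object
    for any principal, not only BucketUser.
    """
    findings = []
    for idx, stmt in enumerate(normalize_policy(policy_document)["Statement"]):
        if stmt.get("Effect") != "Allow" or "Principal" not in stmt:
            continue
        if is_anonymous(stmt["Principal"]) and "Condition" not in stmt:
            actions = stmt["Action"]
            findings.append({
                "statement": idx,
                "actions": [actions] if isinstance(actions, str) else list(actions),
            })
    return findings


# The page's two PolicyDocuments as CloudFormation would resolve them (constructed).
DESIRED_POLICY = {  # Principal: !GetAtt BucketUser.Arn -> bare ARN string, gets stuck
    "Statement": [{"Action": ["s3:*"], "Effect": "Allow",
                   "Resource": BUCKET_ARN + "/*", "Principal": EXAMPLE_USER_ARN}]
}
WORKING_POLICY = {  # Principal: "*" -> deploys, but is open to every caller
    "Statement": [{"Action": ["s3:*"], "Effect": "Allow",
                   "Resource": BUCKET_ARN + "/*", "Principal": "*"}]
}

if __name__ == "__main__":
    fixed = normalize_policy(DESIRED_POLICY)
    print("fixed Principal:", fixed["Statement"][0]["Principal"])
    print("public allows in working template:", audit_public_allows(WORKING_POLICY))
    print("public allows in fixed template:", audit_public_allows(fixed))
```

Running the script prints the answer's `{"AWS": [arn]}` form for the desired policy, one finding for the working template and none for the fixed one. Wiring `audit_public_allows` into a pre-deploy check (for example against `aws cloudformation validate-template` output or a rendered change set) is a cheap way to catch a bucket policy that was widened to `"*"` just to get past a template error.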