Amazon s3 Aurora PostgreSQL访问s3的权限
我试图授予我的Aurora PostgreSQL访问s3存储桶的权限。我使用的是无服务器框架,代码如下Amazon s3 Aurora PostgreSQL访问s3的权限,amazon-s3,amazon-rds,amazon-iam,serverless-framework,amazon-aurora,Amazon S3,Amazon Rds,Amazon Iam,Serverless Framework,Amazon Aurora,我试图授予我的Aurora PostgreSQL访问s3存储桶的权限。我使用的是无服务器框架,代码如下 RDSCluster: Type: 'AWS::RDS::DBCluster' Properties: MasterUsername: AuserName MasterUserPassword: Apassword DBSubnetGroupName: Ref: RDSClusterGroup
RDSCluster:
Type: 'AWS::RDS::DBCluster'
Properties:
MasterUsername: AuserName
MasterUserPassword: Apassword
DBSubnetGroupName:
Ref: RDSClusterGroup
AvailabilityZones:
- eu-central-1a
- eu-central-1b
Engine: aurora-postgresql
EngineVersion: 11.9
EngineMode: provisioned
EnableHttpEndpoint: true
DatabaseName: initialbase
DBClusterParameterGroupName:
Ref: RDSDBParameterGroup
AssociatedRoles:
- RoleArn:
{ Fn::GetAtt: [ AuroraPolicy, Arn ] }
VpcSecurityGroupIds:
- Ref: RdsSecurityGroup
AuroraPolicy:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- rds.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
Policies:
- PolicyName: AuroraRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:AbortMultipartUpload
- s3:GetBucketLocation
- s3:GetObject
- s3:ListBucket
- s3:ListBucketMultipartUploads
- s3:PutObject
Resource:
- { Fn::GetAtt: [ S3BucketEgresbucket, Arn ] }
- Fn::Join:
- ""
- - { Fn::GetAtt: [ S3BucketEgresbucket, Arn ] }
- "/*"
SELECT aws\u commons.create\u s3\u ur必须为Aurora(PostgreSQL)引擎的当前操作提供feature name参数。该问题来自AssociatedRoles对象,cloudformation声明不需要FeatureName字段,但如果您希望群集访问其他AWS服务,则需要该字段。在这种情况下,由于我想让集群访问s3存储桶,我必须更改AssociatedRoles对象,使其看起来像这样:
AssociatedRoles:
- RoleArn: { Fn::GetAtt: [ roleServiceIntegration, Arn ] }
FeatureName: s3Import