Amazon Web Services: policy.addAwsAccountPrincipal() throws a MalformedPolicyDocument error
I am trying to create a role using CDK. Below are some requirements:
1. Access to API Gateway (GET, DELETE, PUT, POST)
2. A trust relationship with AWS account "1234567"
This is my CDK TypeScript code:
const role = new iam.Role(this, 'IMAAPIGatewayAccessRole', {
  roleName: 'IMAAPIGatewayAccessRole',
  assumedBy: new iam.AnyPrincipal(),
});
role.addToPolicy(new PolicyStatement(iam.PolicyStatementEffect.Allow)
  .addAwsAccountPrincipal('1234567')
  .addActions(
    "apigateway:GET",
    "apigateway:POST",
    "apigateway:PUT",
    "apigateway:DELETE"
  )
  .addAllResources()
);
But I get a MalformedPolicyDocument error.
But I don't get it without addAwsAccountPrincipal().
Assume policy contains invalid principal: "STAR":"*". (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: cb4073ee-aa5d-11e9-b299-c7ffa44eb0ca)
new Role (/Users//workspace/cdk/node_modules/@aws-cdk/aws-iam/lib/Role.ts:200:18)
\_ new Ims (/Users//workspace/cdk/bin/cdk.ts:25:22)
\_ Object.<anonymous> (/Users//workspace/cdk/bin/cdk.ts:285:1)
\_ Module._compile (internal/modules/cjs/loader.js:774:30)
\_ Module.m._compile (/Users//workspace/cdk/node_modules/ts-node/src/index.ts:439:23)
\_ Module._extensions..js (internal/modules/cjs/loader.js:785:10)
\_ Object.require.extensions.[as .ts] (/Users//workspace/cdk/node_modules/ts-node/src/index.ts:442:12)
\_ Module.load (internal/modules/cjs/loader.js:641:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:556:12)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:837:10)
\_ Object.<anonymous> (/Users//workspace/cdk/node_modules/ts-node/src/bin.ts:154:12)
\_ Module._compile (internal/modules/cjs/loader.js:774:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:785:10)
\_ Module.load (internal/modules/cjs/loader.js:641:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:556:12)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:837:10)
\_ /usr/local/lib/node_modules/npm/node_modules/libnpx/index.js:268:14
What is wrong with my code?

addAwsAccountPrincipal('1234567') actually did not work for me. Maybe it is a bug.
Instead, below is what worked for me:
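import { AccountPrincipal, CompositePrincipal } from '@aws-cdk/aws-iam';

// One AccountPrincipal per account ID that may assume the role
const allowedAccountPrincipals = subscriberAccountIds.map(id => new AccountPrincipal(id));
const [firstPrincipal, ...additionalAllowedPrincipal] = allowedAccountPrincipals;
const allowedPrincipals = new CompositePrincipal(firstPrincipal, ...additionalAllowedPrincipal);
// The accounts go into the role's trust policy (assumedBy), not into a policy statement
const role = new iam.Role(this, 'IMAAPIGatewayAccessRole', {
  roleName: 'IMAAPIGatewayAccessRole',
  assumedBy: allowedPrincipals,
});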
"assumedBy: new iam.AccountPrincipal(stageAccountId)" also threw an error.
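
An added example, not part of the original question or answer and not CDK code: IAM keeps the principal in the role's trust policy, and an identity-based policy attached to a role may not contain a `Principal` element, so this plain-TypeScript lint checks both documents of a role. The names `trustPolicyFor` and `lintRole`, the account ID `111122223333`, and the sample documents are constructed for illustration and only model the intent of the code in the question.

```typescript
// Added example (not from the original post): lint the two policies an IAM role carries.
type Principal = "*" | { [kind: string]: string | string[] };
interface Statement { Effect: "Allow" | "Deny"; Action: string | string[];
  Resource?: string | string[]; Principal?: Principal }
interface PolicyDocument { Version: string; Statement: Statement[] }
const doc = (...s: Statement[]): PolicyDocument => ({ Version: "2012-10-17", Statement: s });

// Trust policy that lets only the listed accounts call sts:AssumeRole.
function trustPolicyFor(accountIds: string[]): PolicyDocument {
  if (accountIds.length === 0 || accountIds.some(id => !/^\d{12}$/.test(id)))
    throw new Error(`need 12-digit account ids, got ${JSON.stringify(accountIds)}`);
  const arns = accountIds.map(id => `arn:aws:iam::${id}:root`);
  return doc({ Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: arns } });
}

function isWildcard(p: Principal): boolean {
  if (p === "*") return true;
  const o: { [kind: string]: string | string[] } = p;
  return Object.keys(o).some(k => ([] as string[]).concat(o[k]).indexOf("*") !== -1);
}

// Findings for a role's trust policy and its identity-based (permissions) policy.
function lintRole(trust: PolicyDocument, identity: PolicyDocument): string[] {
  const findings: string[] = [];
  trust.Statement.forEach((s, i) => {
    if (s.Principal === undefined) findings.push(`trust[${i}]: no Principal`);
    else if (s.Effect === "Allow" && isWildcard(s.Principal))
      findings.push(`trust[${i}]: wildcard principal, any AWS identity may assume the role`);
  });
  identity.Statement.forEach((s, i) => {
    if (s.Principal !== undefined)
      findings.push(`identity[${i}]: Principal is not valid in an identity-based policy`);
  });
  return findings;
}

// Constructed documents modelling the question's intent (not CDK's synthesized output).
const apiActions = ["apigateway:GET", "apigateway:POST", "apigateway:PUT", "apigateway:DELETE"];
const askedTrust = doc({ Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" } });
const askedIdentity = doc({ Effect: "Allow", Action: apiActions, Resource: "*",
  Principal: { AWS: "arn:aws:iam::111122223333:root" } });
const fixedIdentity = doc({ Effect: "Allow", Action: apiActions, Resource: "*" });
console.log(lintRole(askedTrust, askedIdentity));                        // two findings
console.log(lintRole(trustPolicyFor(["111122223333"]), fixedIdentity));  // no findings
```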