Amazon Web Services: CloudFormation new role/policy | MalformedPolicyDocument
I am trying to create a new role and policy using CloudFormation.

When deploying, I get the following error:

Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 848a408e-b0f1-11e8-90b6-cf2a19d18ad2)

Thanks in advance,
Fas3r

Edit: If there are multiple actions, the resource should be surrounded by ["*"]; when there is a single action, no line break is needed and it can be: Action: actionName
As the error suggests, your YAML syntax is invalid. You can use a web tool to resolve syntax issues. Here is the correct syntax for the YAML file:
AWSTemplateFormatVersion: 2010-09-09
Description: >
  AWS CloudFormation Template
Parameters:
  StackName:
    Type: String
    Description: stack test
    Default: stackTest
  DclEnvironment:
    Type: String
    Description: Env
    AllowedValues:
      - test
      - dev
      - stage
      - sbox
      - prod
    Default: dev
  DclPod:
    Type: String
    Description: Pod Name
    Default: enel
  DclService:
    Type: String
    Description: Pod Name
    Default: monitoring
  Domain:
    Type: String
    Description: Private Domain name
    Default: int.mydomain.com
  VpcId:
    Type: AWS::EC2::VPC::Id
    Default: vpc-4ac3bb21
  AppAmiId:
    Type: AWS::EC2::Image::Id
    Description: Ec2 AMI ID
    Default: ami-XXXX
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Key Name
    Default: c3-kp-01
  SecurityGroupIds:
    Type: CommaDelimitedList
    Description: Comma-separated list of existing security group IDs in your VPC
    Default: sg-07f5186b
  SubnetA:
    Description: Subnet from AZ a
    Type: String
    Default: subnet-7d576316
  SubnetB:
    Description: Subnet from AZ b
    Type: String
    Default: subnet-496a0834
  SubnetC:
    Description: Subnet from AZ c
    Type: String
    Default: subnet-7d576316
  DbSubnetGroupA:
    Type: String
    Description: Subnet from AZ A
    Default: subnet-1154607a
  DbSubnetGroupB:
    Type: String
    Description: Subnet from AZ B
    Default: subnet-3d650740
  DbSubnetGroupC:
    Type: String
    Description: Subnet from AZ C
    Default: subnet-4d027e00
Resources:
  monitoringRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Join
        - "-"
        - - !Ref DclEnvironment
          - !Ref DclPod
          - !Ref DclService
          - "iam-01"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: sts:AssumeRole
            Principal:
              Service:
                - ec2.amazonaws.com
      Path: "/"
  policyEC2Monitoring:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join
        - "-"
        - - !Ref DclEnvironment
          - !Ref DclPod
          - !Ref DclService
          - "policy-01"
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - ec2:Describe*
            Ressource: "*"
          - Effect: Allow
            Action:
              - elasticloadbalancing:Describe*
            Ressource: "*"
          - Effect: Allow
            Action:
              - cloudwatch:ListMetrics*
              - cloudwatch:GetMetricStatistics
              - cloudwatch:Describe*
            Ressource: "*"
          - Effect: Allow
            Action:
              - autoscaling:Describe*
            Ressource: "*"
      Roles:
        - !Ref monitoringRole
  instanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: !Join
        - "-"
        - - !Ref DclEnvironment
          - !Ref DclPod
          - !Ref DclService
          - "inp-01"
      Path: "/"
      Roles:
        - !Ref monitoringRole
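Hope it helps.

Indeed, I didn't know that website. Thanks for your help, problem solved.

Hello, actually I still get the same error. Did you try to launch it as well?

Strange. I just tested it. Did you copy the correct template? See the screenshot:

Hello bhalothia, thanks for your comment. I can indeed load it; the error only occurs when you execute it.

Hello, the role is created, but for the policy I still get: Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 91b2b53c-b1c2-11e8-940b-116b91239240)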
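Added example, not part of the original thread: a small Python linter for the statement element names in the two policy documents of the template above. It passes the role's trust policy and reports the `Ressource` key in `policyEC2Monitoring`, which is not an IAM policy element; the name `lint_policy` and the dict transcription of the template are assumptions made for this example.

```python
import difflib

# IAM JSON policy grammar: the only element names a statement may carry.
STATEMENT_KEYS = {"Sid", "Effect", "Principal", "NotPrincipal", "Action",
                  "NotAction", "Resource", "NotResource", "Condition"}


def lint_policy(doc, kind="identity"):
    """Return the problems that make a policy document malformed.

    kind="identity" for an AWS::IAM::Policy PolicyDocument,
    kind="trust" for a role's AssumeRolePolicyDocument.
    """
    problems = []
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):          # a single statement is allowed
        statements = [statements]
    for i, stmt in enumerate(statements):
        for key in stmt:
            if key not in STATEMENT_KEYS:
                hint = difflib.get_close_matches(key, sorted(STATEMENT_KEYS), n=1)
                msg = f"Statement[{i}]: unknown element {key!r}"
                problems.append(msg + (f", did you mean {hint[0]!r}?" if hint else ""))
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"Statement[{i}]: Effect must be Allow or Deny")
        if not ({"Action", "NotAction"} & stmt.keys()):
            problems.append(f"Statement[{i}]: missing Action")
        has_resource = bool({"Resource", "NotResource"} & stmt.keys())
        has_principal = bool({"Principal", "NotPrincipal"} & stmt.keys())
        if kind == "identity" and not has_resource:
            problems.append(f"Statement[{i}]: missing Resource")
        if kind == "trust" and not has_principal:
            problems.append(f"Statement[{i}]: missing Principal")
    return problems


# Transcribed from the template on this page (two of its four statements).
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": ["ec2.amazonaws.com"]}}]}
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Ressource": "*"},
    {"Effect": "Allow", "Action": ["autoscaling:Describe*"], "Ressource": "*"}]}

if __name__ == "__main__":
    for name, doc, kind in (("trust", TRUST, "trust"), ("policy", POLICY, "identity")):
        for problem in lint_policy(doc, kind) or ["ok"]:
            print(f"{name}: {problem}")
```

A YAML linter cannot catch this class of error: the template is valid YAML, so it loads, and IAM only rejects the policy document when the stack is executed.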