Amazon Web Services: Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument) in CloudFormation

When I try to create an IAM policy, I get the following error while deploying the template in CloudFormation:

JenkinsInstanceProfile:
  Type: AWS::IAM::InstanceProfile
  Properties:
    Path: "/"
    Roles:
      -
        Ref: "JenkinsRole"
  JenkinsPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: "JenkinsPolicy"
      PolicyDocument:
        Version: "2020-01-29"
        Statement:
          -
            Effect: "Allow"
            Action:
              - "s3:GetObject"
              - "s3:GetObjectVersion"
              - "s3:PutObject"
              - "s3:DeleteObject"
            Resource: "*"
          -
            Effect: "Allow"
            Action:
              - "codedeploy:ListApplications"
              - "codedeploy:ListDeploymentGroups"
              - "codedeploy:RegisterApplicationRevision"
              - "codedeploy:CreateDeployment"
              - "codedeploy:GetDeploymentConfig"
              - "codedeploy:GetApplicationRevision"
              - "codedeploy:GetDeployment"
            Resource: "*"
      Roles:
        - Ref: "JenkinsRole"
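
Can someone help me with this? It would be very helpful.

I don't see your IAM role listed in the code. Also, your tabbing is off. I don't know whether that is just because of your copy/paste or whether you really have it tabbed like this in your CFN template. But JenkinsPolicy is tabbed so that it looks like a child of JenkinsInstanceProfile.

It is worth noting that I don't see the policy document version you listed in the AWS documentation. They only have "2012-10-17" and "2008-10-17" as options.

The following should hopefully resolve your issue. Also, you don't need two policy documents, so I put them into one.
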
JenkinsRole:
  Type: "AWS::IAM::Role"
  Properties:
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        -
          Effect: "Allow"
          Principal:
            Service:
              - "ec2.amazonaws.com"
          Action:
            - "sts:AssumeRole"
    Path: "/"
    RoleName: "JenkinsInstanceRole"
JenkinsInstanceProfile:
  Type: "AWS::IAM::InstanceProfile"
  Properties:
    Roles:
      - !Ref "JenkinsRole"
JenkinsPolicy:
  Type: AWS::IAM::Policy
  Properties:
    PolicyName: "JenkinsPolicy"
    PolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: "Allow"
          Action:
            - "s3:GetObject"
            - "s3:GetObjectVersion"
            - "s3:PutObject"
            - "s3:DeleteObject"
            - "codedeploy:ListApplications"
            - "codedeploy:ListDeploymentGroups"
            - "codedeploy:RegisterApplicationRevision"
            - "codedeploy:CreateDeployment"
            - "codedeploy:GetDeploymentConfig"
            - "codedeploy:GetApplicationRevision"
            - "codedeploy:GetDeployment"
          Resource: "*"
    # Roles takes a list of role names, so the single Ref goes in a list.
    Roles:
      - !Ref "JenkinsRole"
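
Added example, not part of the original question or answer: a small Python check that catches the mistakes discussed in this thread before deployment (an unsupported policy `Version`, a `Roles` value that is not a list, and a `Ref` to a role the template never defines). It assumes the template's `Resources` mapping has already been parsed into a dict with `!Ref` in its long form `{"Ref": ...}`; `lint_iam` and `QUESTION_TEMPLATE` are hypothetical names, and the sample template is constructed from the question's snippet.

```python
# Added example: offline lint for the IAM template mistakes discussed above.
VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only versions IAM accepts
DOC_KEYS = {  # resource type -> property that holds a policy document
    "AWS::IAM::Policy": "PolicyDocument",
    "AWS::IAM::Role": "AssumeRolePolicyDocument",
}


def lint_iam(resources):
    """Return a list of findings for a template's Resources mapping."""
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        doc = props.get(DOC_KEYS.get(res.get("Type"), ""), {})
        version = doc.get("Version")
        # Version is optional; flag only a value IAM would reject.
        if version is not None and version not in VALID_VERSIONS:
            findings.append(f"{name}: invalid policy Version {version!r}")
        if "Roles" in props:
            roles = props["Roles"]
            if not isinstance(roles, list):  # a lone Ref to a role is not a list
                findings.append(f"{name}: Roles must be a list")
                roles = [roles]
            for role in roles:
                # {"Ref": "X"} is the long form of !Ref "X".
                target = role.get("Ref") if isinstance(role, dict) else None
                if target is not None and target not in resources:
                    findings.append(f"{name}: Ref to undefined resource {target!r}")
    return findings


# Constructed sample mirroring the question: bad Version, no JenkinsRole defined.
QUESTION_TEMPLATE = {
    "JenkinsInstanceProfile": {
        "Type": "AWS::IAM::InstanceProfile",
        "Properties": {"Path": "/", "Roles": [{"Ref": "JenkinsRole"}]},
    },
    "JenkinsPolicy": {
        "Type": "AWS::IAM::Policy",
        "Properties": {
            "PolicyName": "JenkinsPolicy",
            "PolicyDocument": {"Version": "2020-01-29", "Statement": []},
            "Roles": [{"Ref": "JenkinsRole"}],
        },
    },
}

if __name__ == "__main__":
    for finding in lint_iam(QUESTION_TEMPLATE):
        print(finding)
```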