Amazon Web Services: How to reference an AWS managed policy ARN in CloudFormation?


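I'm going to create an IAM user with CloudFormation and need to attach an AWS managed policy, AWSAppSyncInvokeFullAccess. I thought I should reference the managed policy as in the code below: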

Resources:
  publisherUser:
    Type: AWS::IAM::User
    Properties:
      UserName: userName
      ManagedPolicyArns: 
        - !Ref AWSAppSyncInvokeFullAccess
        - !Ref AWSLambdaBasicExecutionRole

But it doesn't work, because AWSAppSyncInvokeFullAccess comes from AWS, not from this template. What is the correct way to reference the policy?

These are existing AWS managed policies, so you should use their full ARNs, which you can get from the IAM console:

Resources:
  publisherUser:
    Type: AWS::IAM::User
    Properties:
      UserName: userName
      ManagedPolicyArns: 
        - arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

Update: or, to make it partition-independent:

Resources:
  publisherUser:
    Type: AWS::IAM::User
    Properties:
      UserName: userName
      ManagedPolicyArns: 
        - !Sub "arn:${AWS::Partition}:iam::aws:policy/AWSAppSyncInvokeFullAccess"
        - !Sub "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"

The pseudo parameter makes it partition-agnostic.
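
A small review check for ManagedPolicyArns entries, added here as an example and not part of the original question or answer: it classifies each entry as a bare name (the question's mistake), an AWS managed policy with a hard-coded partition, a partition-agnostic one, or a customer managed policy. The function names are hypothetical, and entries are assumed to be passed as plain strings (the literal ARN or the `!Sub` template string), so no YAML parsing is done.

```python
import re

# Shape of an IAM managed policy ARN:
#   arn:<partition>:iam::<account>:policy/<optional/path/>name
# The partition may be a literal (aws, aws-cn, aws-us-gov, ...) or the
# ${AWS::Partition} pseudo parameter that the answer uses with !Sub.
ARN_RE = re.compile(
    r"^arn:(?P<partition>[a-z0-9-]+|\$\{AWS::Partition\}):iam::"
    r"(?P<account>aws|\d{12}|\$\{AWS::AccountId\}):policy/"
    r"(?P<path>(?:[\w+=,.@-]+/)*)(?P<name>[\w+=,.@-]+)$",
    re.ASCII,
)


def check_policy_entry(entry: str) -> str:
    """Classify one ManagedPolicyArns entry given as a plain string."""
    m = ARN_RE.match(entry.strip())
    if m is None:
        # e.g. a bare policy name handed to !Ref, as in the question
        return "not-an-arn"
    if m["account"] != "aws":
        # account field is an account ID, so the policy is customer managed
        return "customer-managed"
    if m["partition"] != "${AWS::Partition}":
        return "aws-managed-hardcoded-partition"
    return "aws-managed-partition-agnostic"


def lint(entries):
    """Return {entry: classification} for every entry."""
    return {e: check_policy_entry(e) for e in entries}


# Constructed sample: the entries from the question and the answer, plus one
# customer managed ARN with a made-up account ID and policy name.
SAMPLE = [
    "AWSAppSyncInvokeFullAccess",
    "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess",
    "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
    "arn:aws:iam::123456789012:policy/ExamplePolicy",
]

if __name__ == "__main__":
    for entry, finding in lint(SAMPLE).items():
        print(f"{finding}: {entry}")
```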