尝试简单地部署之前有效的数据管道定义。这次我将角色更改为与另一个AWS(生产与登台)帐户保持一致。
当我通过AWS CLI部署时,收到此消息:
{
"validationErrors": [
{
"errors": [
"Please add following permissions to the role ('DataPipelineDefaultRole') for uploading logs to s3: s3:Get*,s3:List*,s3:Put*"
],
"id": "EC2_Box_TaskRunner"
}
],
"errored": true,
"validationWarnings": []
}
以下是DataPipelineDefaultRole的定义:
{
"Statement": [
{
"Action": [
"s3:*",
"dynamodb:DescribeTable",
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:GetItem",
"dynamodb:BatchGetItem",
"dynamodb:UpdateTable",
"ec2:*",
"elasticmapreduce:*",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:GetTopicAttributes",
"sns:ListTopics",
"sns:Publish",
"sns:Subscribe",
"sns:Unsubscribe",
"iam:PassRole",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"cloudwatch:*",
"datapipeline:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
]
}
我还注意到,当我尝试重新创建'DataPipelineDefaultRole'时,有时“实例配置文件ARN(s)”为空。最后,我能够重新创建角色 - 通过“hello world数据管道模板”设置和/或手动步骤的组合。 (有Instance ARN出席)
即使角色设置为:
{
"Statement": [
{
"Action": [
"*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
]
}
它不起作用。
我做错了什么?
答案 0 :(得分:0)
好的问题是管道定义中其他对象引用的s3路径,而不是角色或EC2_Box_TaskRunner框