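I want to stop my EC2 instance every day using CloudWatch Events. In the console, it works without any problem. Reverse-engineering the configuration I made with the console, the sequence of commands is equivalent to the following: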
aws events put-rule \
--name stop-ec2-instance \
--schedule-expression 'cron(0 13 * * ? *)' \
--description "Stop EC2 instance everyday" \
--role-arn arn:aws:iam::012345678901:role/AWS_Events_Actions_Execution
aws events put-targets \
--rule stop-ec2-instance \
--targets "[{ \
\"Arn\": \"arn:aws:automation:ap-northeast-1:012345678901:action/EC2StopInstance/EC2StopInstance_stop-ec2-instance\", \
\"Id\": \"EC2StopInstance_stop-ec2-instance\", \
\"Input\": \"\\\"arn:aws:ec2:ap-northeast-1:012345678901:instance/i-01234567\\\"\" \
}]"
However, this does not work, because I get the following error on the first command:
A client error (ValidationException) occurred when calling the PutRule operation: Provided role 'arn:aws:iam::012345678901:role/AWS_Events_Actions_Execution' cannot be assumed by principal 'events.amazonaws.com'.
How do I put an Amazon CloudWatch Events rule using the CLI?
Answer 0 (score: 5)
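The IAM role you created (i.e. arn:aws:iam::012345678901:role/AWS_Events_Actions_Execution) does not allow CloudWatch Events to assume it.
Go to the role in the IAM console and, under the "Trust relationships" tab, make sure your Statement block includes events.amazonaws.com as an accepted service that can assume the role (aka the sts:AssumeRole action). For example: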