这是角色代码段:
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": {"Fn::Join" : ["",["AWS::StackName","InstanceApi"] ] },
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},
这是错误:The specified value for policyName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
我输入的AWS::StackName的值为tmplt-stack,生成错误的策略名称为:tmplt-stack-InstanceApi-O7KF5OL0TA2Q
我不明白为什么cloudformation拒绝这个名称,即使它只包含很少的字符 - ' - '并且根据错误消息允许它,其余的都是字母数字字符。
答案 0 :(得分:4)
这是我在使用伪参数AWS :: StackNAme时犯的一个巨大错误,我没有用“Ref”调用它
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": {"Fn::Join" : ["",[{"Ref":"AWS::StackName"},"InstanceApi"] ] },
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},