I created a new policy on AWS using the policy generator. I am trying to create a key with that policy, but I get this error:

    BypassPolicyLockoutSafetyCheck = False
      File "C:\Users\AppData\Local\Programs\Python\Python35-32\lib\site-packages\botocore\client.py", line 253, in _api_call
        return self._make_api_call(operation_name, kwargs)
      File "C:\Users\AppData\Local\Programs\Python\Python35-32\lib\site-packages\botocore\client.py", line 543, in _make_api_call
        raise error_class(parsed_response, operation_name)
    botocore.errorfactory.MalformedPolicyDocumentException: An error occurred (MalformedPolicyDocumentException) when calling the CreateKey operation:

I have verified the format of the key, and I know there is nothing wrong with the syntax. Here is the policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Stmt1489675746111",
                "Effect": "Allow",
                "Action": [
                    "workspaces:*"
                ],
                "Resource": [
                    "*"
                ]
            },
            {
                "Sid": "Stmt1489675786111",
                "Effect": "Allow",
                "Action": [
                    "kms:CreateAlias",
                    "kms:CreateGrant",
                    "kms:CreateKey",
                    "kms:Decrypt",
                    "kms:DeleteAlias",
                    "kms:DescribeKey",
                    "kms:EnableKey",
                    "kms:Encrypt",
                    "kms:GenerateDataKey",
                    "kms:GetKeyPolicy",
                    "kms:ListAliases",
                    "kms:ListGrants",
                    "kms:ListKeyPolicies",
                    "kms:ListKeys",
                    "kms:PutKeyPolicy"
                ],
                "Resource": [
                    "*"
                ]
            },
            {
                "Sid": "Stmt1489675858111",
                "Effect": "Allow",
                "Action": [
                    "iam:CreatePolicy",
                    "iam:CreatePolicyVersion",
                    "iam:DeletePolicy",
                    "iam:DeletePolicyVersion",
                    "iam:GetPolicy",
                    "iam:GetPolicyVersion"
                ],
                "Resource": [
                    "*"
                ]
            }
        ]
    }

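I am using Python to create the key. If I use the default policy, then I can create the policy. Any ideas? Any live examples? I have looked in the AWS documentation, but I could not find any good examples related to the AWS CLI.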
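
    import boto3

    kms = boto3.client('kms')  # KMS client used for the call

    # Create the key (the call that raises the exception above)
    response = kms.create_key(
        Policy='KeyPolicyForScripting',
        Description='Workspaces Key',
        KeyUsage='ENCRYPT_DECRYPT',
        Origin='AWS_KMS',
        BypassPolicyLockoutSafetyCheck=False
    )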
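
The following is an added example, not part of the original post: a local pre-flight check for the `Policy` argument of `create_key`, which takes the key policy JSON document itself, and every statement of a key policy needs a `Principal`. The helper names and the account ID `111122223333` are placeholders chosen for illustration, and the sample key policy mirrors the default one that delegates access control to IAM.

```python
import json

# Constructed placeholder account ID, not taken from the original post.
ACCOUNT_ID = "111122223333"


def key_policy_problems(policy):
    """Return reasons the value cannot serve as a KMS key policy ([] if none found)."""
    try:
        doc = json.loads(policy)
    except (TypeError, ValueError):
        return ["not a JSON document (a policy name is not accepted)"]
    if not isinstance(doc, dict) or "Statement" not in doc:
        return ["no Statement element"]
    stmts = doc["Statement"]
    if isinstance(stmts, dict):  # a single statement may be given as an object
        stmts = [stmts]
    problems = []
    for i, stmt in enumerate(stmts):
        # Key policies are resource policies: each statement names who it applies to.
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            problems.append("statement %d (%s) has no Principal"
                            % (i, stmt.get("Sid", "no Sid")))
    return problems


def build_key_policy(account_id):
    """Key policy that lets IAM policies in the account govern access to the key."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "EnableIAMUserPermissions",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::%s:root" % account_id},
            "Action": "kms:*",
            "Resource": "*",
        }],
    })


def create_workspaces_key(kms, policy):
    """kms is a boto3 KMS client, e.g. boto3.client('kms')."""
    problems = key_policy_problems(policy)
    if problems:
        raise ValueError("; ".join(problems))
    return kms.create_key(Policy=policy, Description="Workspaces Key",
                          KeyUsage="ENCRYPT_DECRYPT", Origin="AWS_KMS",
                          BypassPolicyLockoutSafetyCheck=False)
```

With a key policy like this in place, the `workspaces:*`, `kms:*` and `iam:*` permissions from the generated document belong in an IAM policy attached to the calling user or role rather than in the key policy.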