Question

我为Dynamodb云形成模板定义了一个IAM策略，如下所示，我收到以下错误：

属性值用户必须是String of String
类型

任何想法我做错了什么？

myDynamoPolicy:
   Type: AWS::IAM::Policy
   Properties: 
     PolicyDocument:
       Version: 2012-10-17
       Statement:
         Sid: AllAPIActionsOnBooks
         Effect: Allow
         Action: dynamodb:*
         Resource: 
           Ref: myDynamoDBTable
     PolicyName: DynamoDBOwnerPolicy
     Users:
        Ref: IAMUsers

Answer 1

根据AWS文档，Users属性必须是数组。它应该是这样的：

myDynamoPolicy:
  Type: AWS::IAM::Policy
  Properties: 
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        Sid: AllAPIActionsOnBooks
        Effect: Allow
        Action: dynamodb:*
        Resource: 
          Ref: myDynamoDBTable
    PolicyName: DynamoDBOwnerPolicy
    Users:
      -
        Ref: "IAMUsers"

可以找到CloudFormation模板参考here。

Answer 2

您的用户字段似乎为空。

运行Dyanamo DB并创建AWS策略时出错

2 个答案: