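I am trying to create an IAM role using the following template. I can create the role with managed policies. When I try to add an inline policy to the template, I get the error
"Property PolicyDocument cannot be empty."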
{
  "Resources": {
    "test": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
          "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
        ],
        "Policies": [
          "PolicyName" : "create_snapshot",
          "PolicyDocument" : {
            "Version" : "2012-10-17",
            "Statement": [ {
              "Effect" : "Allow",
              "Action": [
                "ec2:DeleteSnapshot",
                "ec2:CreateTags",
                "ec2:CreateSnapshot"
              ],
              "Resource" : "*"
            } ]
          }
        ],
        "RoleName": "test"
      }
    }
  }
}
Answer 0 (score: 2)
Policies is a list of policy objects, written as follows, with each individual policy object enclosed in curly braces inside the [] list:
"Policies": [ {
  "PolicyName" : "policy01",
  "PolicyDocument" : { ... }
}, {
  "PolicyName" : "policy02",
  "PolicyDocument" : { ... }
} ]
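An added example, not part of the original question or answer: a small Python check that walks every AWS::IAM::Role in an already-parsed template and reports Policies entries that lack PolicyName or PolicyDocument. The function name, the `role` helper and the sample data are constructed for illustration; the BROKEN shape assumes the brace-less list is read as one single-key entry per key, which is consistent with the error in the question.

```python
import json

def check_inline_policies(template):
    """Return a list of problems found in the Policies of every AWS::IAM::Role."""
    problems = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        policies = res.get("Properties", {}).get("Policies", [])
        if not isinstance(policies, list):
            problems.append(f"{name}: Policies must be a list")
            continue
        for i, entry in enumerate(policies):
            if not isinstance(entry, dict):
                problems.append(f"{name}: Policies[{i}] is not an object")
                continue
            # Each inline policy object needs both keys, and neither may be empty.
            for key in ("PolicyName", "PolicyDocument"):
                if not entry.get(key):
                    problems.append(f"{name}: Policies[{i}] is missing {key}")
    return problems

# Constructed sample data: the inline policy document from the question.
DOC = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:DeleteSnapshot", "ec2:CreateTags", "ec2:CreateSnapshot"],
    "Resource": "*"}]}

def role(policies):
    """Hypothetical helper: wrap a Policies value in a minimal role resource."""
    return {"Resources": {"test": {"Type": "AWS::IAM::Role",
                                   "Properties": {"Policies": policies}}}}

# Assumed reading of the brace-less list: each key becomes its own entry.
BROKEN = role([{"PolicyName": "create_snapshot"}, {"PolicyDocument": DOC}])
# The answer's shape: one object per policy inside the list.
FIXED = role([{"PolicyName": "create_snapshot", "PolicyDocument": DOC}])

if __name__ == "__main__":
    for label, tpl in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_inline_policies(tpl) or "ok")
    # Print the corrected Policies property as it would appear in the template.
    policies = FIXED["Resources"]["test"]["Properties"]["Policies"]
    print(json.dumps(policies, indent=2))
```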