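AWS IAM CloudFormation YAML template error: 'null' values are not allowed

Time: 2018-03-15 21:23:10

Tags: amazon-web-services amazon-cloudformation amazon-iam

I am working on a CloudFormation template for an IAM role that grants cross-account read-only access. It also uses a managed policy for read-only access. So far I have resolved several errors, but now I get a "'null' values are not allowed in templates" error when I try to validate the template. I think it is a spacing or syntax issue, but I can't be sure, as this is my first time creating a CloudFormation template from scratch and using YAML.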

AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
  NewRelicInfrastructure-IntegrationsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        Effect: Allow
        Principal:
          AWS: 11111111
        Action: sts:AssumeRole
        Condition:
          StringEquals:
          sts:ExternalId: '11111'
  Path: '/'
  ManagedPolicyArns: arn:aws:iam::aws:policy/ReadOnlyAccess
  RoleName: NewRelicInfrastructure-Integrations2

3 answers:

Answer 0: (score: 2)

Indentation fixed; it was specifying something in AssumeRolePolicyDocument, but the YAML syntax was incorrect. This works:

AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
  NewRelicInfrastructureIntegrationsRole: 
    Type: AWS::IAM::Role
    Properties:
      Path: '/managed/'
      ManagedPolicyArns: 
        - 'arn:aws:iam::aws:policy/ReadOnlyAccess'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - 
          Action: sts:AssumeRole  
          Effect: Allow
          Principal:
            AWS: 1111111111111
          Condition:
            StringEquals:
              sts:ExternalId: '11111'
      RoleName: NewRelicInfrastructureIntegrationsRole

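Answer 1: (score: 1)

Use an online YAML interpreter to show you where you might be getting null values in your YAML file. They are hard to spot, because an indentation error can result in a null value; the YAML interpreter will show you in JSON where you are getting that value.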
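
The same kind of check can be run locally instead of pasting a template into an online tool. The following is an added example, not part of the original answer: a heuristic scanner in plain Python (no YAML library) that reports keys in block-style, space-indented YAML whose value would parse as null. The sample is constructed from the question's template; the `Role` logical ID and the function name are assumptions.

```python
import re

# Constructed sample: the AssumeRolePolicyDocument part of the question's
# template, with the same indentation mistakes.
BROKEN = """\
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        Effect: Allow
        Condition:
          StringEquals:
          sts:ExternalId: '11111'
"""

# A key with nothing after the colon (optionally inside a "- " list item).
EMPTY_KEY = re.compile(r"^(\s*)(- )?([^\s#-][^#]*?):\s*(#.*)?$")


def find_null_keys(text):
    """Return [(line_no, dotted_path)] for keys whose value parses as null."""
    lines = [(n, l.rstrip()) for n, l in enumerate(text.splitlines(), 1)
             if l.strip() and not l.lstrip().startswith("#")]
    stack, nulls = [], []
    for idx, (line_no, line) in enumerate(lines):
        m = EMPTY_KEY.match(line)
        if not m:
            continue
        indent = len(m.group(1)) + (2 if m.group(2) else 0)
        while stack and stack[-1][0] >= indent:  # leave finished mappings
            stack.pop()
        stack.append((indent, m.group(3)))
        has_child = False
        if idx + 1 < len(lines):
            nxt = lines[idx + 1][1]
            nxt_indent = len(nxt) - len(nxt.lstrip())
            # A block sequence may sit at the same indent as its parent key.
            is_item = nxt.lstrip().startswith("- ") or nxt.strip() == "-"
            has_child = nxt_indent > indent or (is_item and nxt_indent == indent)
        if not has_child:
            nulls.append((line_no, ".".join(k for _, k in stack)))
    return nulls

if __name__ == "__main__":
    for line_no, path in find_null_keys(BROKEN):
        print(f"line {line_no}: {path} is null")
```

Flow-style values and block scalars are outside what this heuristic handles; a full YAML parser covers those.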

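Answer 2: (score: 0)

The problem is with AssumeRolePolicyDocument:. It is required, but you left it empty. You also have an indentation problem, where Path, ManagedPolicyArns and RoleName are under Resources instead of Properties.

Try: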

AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
  NewRelicInfrastructureIntegrationsRole:  # logical IDs must be alphanumeric
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          Effect: Allow
          Principal:
            AWS: 11111111
          Action: sts:AssumeRole
          Condition:
            StringEquals:
              sts:ExternalId: '11111'
      Path: '/'
      ManagedPolicyArns:  # must be a list
        - arn:aws:iam::aws:policy/ReadOnlyAccess
      RoleName: NewRelicInfrastructure-Integrations2