我有以下代码,我尝试部署到CloudFormation。 出于某种原因,它坚持认为我错过了模板中的关键元素。
因为我在资源S3NotificationBucketPolicy
中修改了存储桶策略,所以我才开始收到此错误。
任何见解都会很棒。
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "",
"Resources": {
"S3NotificationBucketPolicy": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "S3NotificationBucket"
},
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Version": "2012-10-17",
"Statement": [{
"Sid": "AWSCloudTrailAclCheck20150318",
"Action": "s3:GetBucketAcl",
"Effect": "Allow",
"Resource": {
"Fn::Join": ["",
["arn:aws:s3:::",
{
"Ref": "S3NotificationBucket"
}]]
},
"Principal": {
"Service": "cloudtrail.amazonaws.com"
}
},
{
"Sid": "AWSCloudTrailWrite20150318",
"Action": "s3:PutObject",
"Effect": "Allow",
"Resource": {
"Fn::Join": ["",
["arn:aws:s3:::",
{
"Ref": "S3NotificationBucket"
},
"/*"]]
},
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}]
}]
}
}
},
"S3Bucket": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Delete",
"Properties": {
}
},
"S3NotificationBucket": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Delete",
"Properties": {
}
},
"S3BucketPolicyForCloudTrail": {
"DependsOn": "S3Bucket",
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "S3Bucket"
},
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Sid": "AWSCloudTrailAclCheck20150319",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": {
"Fn::Join": ["",
["arn:aws:s3:::",
{
"Ref": "S3Bucket"
}]]
}
},
{
"Sid": "Permissions fot Cloudtrail",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:*",
"Resource": {
"Fn::Join": ["",
["arn:aws:s3:::",
{
"Ref": "S3Bucket"
},
"/*"]]
}
}]
}
}
},
"CloudTrailForS3": {
"DependsOn": ["S3NotificationBucketPolicy",
"S3BucketPolicyForCloudTrail"],
"Type": "AWS::CloudTrail::Trail",
"Properties": {
"EventSelectors": [{
"DataResources": [{
"Type": "AWS::S3::Object",
"Values": [{
"Fn::Join": ["",
["arn:aws:s3:::",
{
"Ref": "S3Bucket"
},
"/*"]]
}]
}],
"ReadWriteType": "All",
"IncludeManagementEvents": false
}],
"S3BucketName": {
"Ref": "S3NotificationBucket"
},
"IsLogging": true,
"IncludeGlobalServiceEvents": true
}
}
}
}
即使我已经说明了所需的元素,它也会失败并显示以下消息。
缺少必填字段效果(服务:Amazon S3;状态代码:400;错误 代码:MalformedPolicy;请求ID:B44FBDB00CA6AFDD; S3扩展请求ID: jglPqCY9LCEOvIz5v7d2vyFbeaaelNVgahs7nGtYg5NJR20FRfef4m0lgtzqZEMyltI7d9T1g4s =)`
答案 0 :(得分:0)
您的问题是S3NotificationBucketPolicy
政策文件有额外的Version
和Statement
:
"S3NotificationBucketPolicy": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "S3NotificationBucket"
},
"PolicyDocument": {
"Version": "2012-10-17", <-- Here
"Statement": [{
"Version": "2012-10-17", <-- And here
"Statement": [{
"Sid": "AWSCloudTrailAclCheck20150318",
删除其中一个(以及匹配的右括号),你就可以了。