我已经创建了策略模板并输出了ARN:
Resources:
# Codebuild Policies
CodeBuildServiceRolePolicy1:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: 'This service role enables AWS CodePipeline to interact with other AWS services, including AWS CodeBuild, on your behalf'
Path: "/"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Resource: "*"
Effect: "Allow"
Action:
...
Outputs:
StackName:
Value: !Ref AWS::StackName
CodeBuildServiceRolePolicy:
Description: The ARN of the ManagedPolicy1
Value: !Ref CodeBuildServiceRolePolicy1
Export:
Name: !Sub '${EnvironmentName}-CodeBuildServiceRolePolicy1'
现在我想o将这些策略导入具有Roles和
的模板中# Codebuilding service role
CodeBuildRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub ${EnvironmentName}-CodeBuildRole
AssumeRolePolicyDocument:
Statement:
- Action: ["sts:AssumeRole"]
Effect: Allow
Principal:
Service: [codebuild.amazonaws.com]
Version: "2012-10-17"
Path: /
Policies:
- PolicyDocument:
Fn::ImportValue:
!Sub ${EnvironmentName}-CodeBuildServiceRolePolicy1'
但这失败了。我遇到错误,怎么了?
提前谢谢
A
答案 0 :(得分:0)
您是否尝试使用!Ref函数引用您在第一个堆栈中创建的托管策略?
该政策的CF:
AWSTemplateFormatVersion: "2010-09-09"
Resources:
CodeBuildServiceRolePolicy1:
Type: AWS::IAM::ManagedPolicy
Properties:
Path: "/"
PolicyDocument:
...
Outputs:
CodeBuildServiceRolePolicy:
Value: !Ref CodeBuildServiceRolePolicy1.Arn
角色的CF:
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
PolicyName:
Type: String
Resources:
CodeBuildRole:
Type: "AWS::IAM::Role"
Properties:
Path: "/"
Policies: !Ref PolicyName