I used the following CloudFormation to create the stack:
Resources:
  MyIdentityPool:
    Type: AWS::Cognito::IdentityPool
    Properties:
      AllowUnauthenticatedIdentities: 'true'
  CognitoRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Federated:
                - 'cognito-identity.amazonaws.com'
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                cognito-identity.amazonaws.com:aud:
                  Ref: MyIdentityPool
              ForAnyValue:StringLike:
                cognito-identity.amazonaws.com:amr:
                  - 'authenticated'
  CognitoRole2:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Federated:
                - 'cognito-identity.amazonaws.com'
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                cognito-identity.amazonaws.com:aud:
                  Ref: MyIdentityPool
              ForAnyValue:StringLike:
                cognito-identity.amazonaws.com:amr:
                  - 'unauthenticated'
  RoleAttachment:
    DependsOn: MyIdentityPool
    Type: 'AWS::Cognito::IdentityPoolRoleAttachment'
    Properties:
      IdentityPoolId:
        Ref: MyPinpointIdentityPool
      Roles:
        unauthenticated:
          Fn::GetAtt: CognitoRole2.Arn
  AccessPolicy:
    Type: 'AWS::IAM::Policy'
    Properties:
      ...
      Roles:
        - Ref: CognitoGeneralRole
The stack was created successfully, but when I update the stack by changing the IdentityPoolRoleAttachment to

  RoleAttachment:
    DependsOn: MyIdentityPool
    Type: 'AWS::Cognito::IdentityPoolRoleAttachment'
    Properties:
      IdentityPoolId:
        Ref: MyPinpointIdentityPool
      Roles:
        unauthenticated:
          Fn::GetAtt: CognitoRole2.Arn
        authenticated:
          Fn::GetAtt: CognitoRole.Arn

I get AWS::Cognito::IdentityPoolRoleAttachment Resource cannot be updated.

What could be the reason for this?
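Answer 0: (score: 1)

Answering my own question.

According to their support, the root cause is that CloudFormation does not support modifying the role attachment.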
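
A pre-deployment check for the failure described in the question and answer above, as an added example that is not part of the original posts: it compares two already-parsed templates and reports every AWS::Cognito::IdentityPoolRoleAttachment whose properties differ, which under the limitation reported in the answer would be attempted as an in-place update. The function name `changed_role_attachments` and the `OLD`/`NEW` dictionaries are assumptions, constructed from the two RoleAttachment snippets in the question.

```python
ATTACHMENT_TYPE = "AWS::Cognito::IdentityPoolRoleAttachment"


def changed_role_attachments(old_template, new_template):
    """Return {logical_id: [changed property names]} for role attachments
    present in both templates whose Properties differ."""
    old_res = old_template.get("Resources", {})
    new_res = new_template.get("Resources", {})
    findings = {}
    for logical_id, new_def in new_res.items():
        old_def = old_res.get(logical_id)
        if old_def is None:
            continue  # not in the deployed template: a create, not an update
        if ATTACHMENT_TYPE not in (old_def.get("Type"), new_def.get("Type")):
            continue
        old_props = old_def.get("Properties", {})
        new_props = new_def.get("Properties", {})
        changed = sorted(
            key for key in set(old_props) | set(new_props)
            if old_props.get(key) != new_props.get(key)
        )
        if changed:
            findings[logical_id] = changed
    return findings


# Constructed sample input: the deployed and the updated RoleAttachment from
# the question, written as parsed template dictionaries (hypothetical names).
OLD = {"Resources": {"RoleAttachment": {
    "Type": ATTACHMENT_TYPE,
    "Properties": {
        "IdentityPoolId": {"Ref": "MyPinpointIdentityPool"},
        "Roles": {"unauthenticated": {"Fn::GetAtt": "CognitoRole2.Arn"}},
    },
}}}
NEW = {"Resources": {"RoleAttachment": {
    "Type": ATTACHMENT_TYPE,
    "Properties": {
        "IdentityPoolId": {"Ref": "MyPinpointIdentityPool"},
        "Roles": {
            "unauthenticated": {"Fn::GetAtt": "CognitoRole2.Arn"},
            "authenticated": {"Fn::GetAtt": "CognitoRole.Arn"},
        },
    },
}}}

if __name__ == "__main__":
    for logical_id, props in changed_role_attachments(OLD, NEW).items():
        print(f"{logical_id}: in-place change to {', '.join(props)}")
```
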