当我运行此堆栈时,我收到以下错误。首次在AWS文档的帮助下尝试,但仍然无法找出错误。
通过此CFT,我正在尝试创建一个具有托管策略的角色,并向其附加一个内联策略
Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument
但是无法弄清楚缺少的语法,有人可以在这里帮我吗。
"EMRDefaultRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": "EMR_DefaultRole",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service": "elasticmapreduce.amazonaws.com"
},
"Action": "sts:AssumeRole"
} ]
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole"
]
}
},
"EMRS3Policies": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "Moodys-IAM-EMR-S3-Access-Policy",
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": [
"s3:HeadBucket",
"s3:ListObjects"
],
"Resource": {["Fn::Join",[
"-",
[
"mit",
{
"Ref": "AWS::AccountId"
}
"emr-files/*"
]]
]}
}]
},
"Roles": [{"Ref": "EMRDefaultRole"}]
答案 0 :(得分:0)
Resource键中有问题,您错误地使用了Fn::Join。应该是:
{
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::mit-",
{ "Ref": "AWS::AccountId" },
"-emr-files/*"
]
]
}
}