Serverless: [AWS] Unable to create a Role resource with Policies

Time: 2019-05-17 17:07:03

Tags: amazon-web-services amazon-cloudformation amazon-iam serverless-framework

I am learning how to use the Serverless Framework and am creating a role that certain specific functions will assume, but CloudFormation throws an error indicating:

An error occurred: LambdaAdminRole - Unknown field Policies (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 07cb3916-78c5-11e9-b0f6-37c9c6cd9547).

The resource is defined in Serverless as follows:

resources:
  Resources:
    LambdaAdminRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${self:provider.stage}-lambda-admin-role
        AssumeRolePolicyDocument:
          Version: '2017'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
          Policies:
            - PolicyName: ${self:service}-${self:provider.stage}-lambda-cognito-admin-policy
              PolicyDocument:
                Version: '2017'
                Statement:
                  - Effect: Allow
                    Action:
                      - cognito-idp:ListUsersInGroup
                      - cognito-idp:ListUsers
                    Resource:
                      - 'Fn::Join':
                          - ':'
                          - - 'arn:aws:cognito-idp'
                            - ${self:provider.region}
                            - Ref: 'AWS::AccountId'
                            - 'userpool/*'

Is this not the correct way to create a role with Serverless? I followed the example shown in the Serverless documentation: https://serverless.com/framework/docs/providers/aws/guide/iam/

2 answers:

Answer 0 (score: 2)

The indentation is incorrect: the Policies property belongs under Properties, not under AssumeRolePolicyDocument, which is how it appears in the documentation.

(Shift the whole Policies section by one indentation level)

Answer 1 (score: 0)

As described in the official documentation, Policies belongs under Properties, not under AssumeRolePolicyDocument.
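Both answers make the same point, so here is the asker's resource rewritten with Policies in its correct position. This is an added example, not code from the question, the answers or the Serverless Framework itself. It assumes the same ${self:service}, ${self:provider.stage} and ${self:provider.region} variables as the question. It also changes the Version value from '2017' (which IAM would reject with a MalformedPolicyDocument error once the indentation is fixed) to '2012-10-17', the current IAM policy-language version; neither answer mentions this.

```yaml
# Added example (not the asker's or the Serverless Framework's own code):
# the LambdaAdminRole resource with Policies placed under Properties,
# as a sibling of AssumeRolePolicyDocument rather than a child of it.
# Assumed: the ${self:...} variables resolve exactly as in the question.
resources:
  Resources:
    LambdaAdminRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: ${self:service}-${self:provider.stage}-lambda-admin-role
        # Trust policy: WHO may assume the role. Only this document belongs here.
        AssumeRolePolicyDocument:
          Version: '2012-10-17'   # '2017' is not a valid policy-language version
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
              Action: sts:AssumeRole
        # Permissions policy: WHAT the role may do. This is a Role property,
        # one indentation level below Properties, not below the trust policy.
        Policies:
          - PolicyName: ${self:service}-${self:provider.stage}-lambda-cognito-admin-policy
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  # Read-only Cognito actions, so the role cannot modify users.
                  Action:
                    - cognito-idp:ListUsersInGroup
                    - cognito-idp:ListUsers
                  # Scoped to user pools in this account and region; replace
                  # 'userpool/*' with a single pool id where one is known.
                  Resource:
                    - 'Fn::Join':
                        - ':'
                        - - 'arn:aws:cognito-idp'
                          - ${self:provider.region}
                          - Ref: 'AWS::AccountId'
                          - 'userpool/*'
```

A function then opts into this role with `role: LambdaAdminRole` in its own definition under `functions:`; functions without that key keep the framework's default role, which is the least-privilege outcome the question is aiming for.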