收到此错误,为存储桶检测到不正确的S3存储桶策略:
(服务:AWSCloudTrail;状态代码:400;错误代码:InsufficientS3BucketPolicyException;请求ID:ebaf35b8-a38e-4357-a742-af5fa92bbc43)
Parameters:
trailname:
Type: String
s3bucketname:
Type: String
Resources:
myvpctrail:
DependsOn:
- s3bucketpolicy
- creates3bucket
Type: AWS::CloudTrail::Trail
Properties:
IsLogging: true
IsMultiRegionTrail: true
IncludeGlobalServiceEvents: true
S3BucketName: !Ref creates3bucket
creates3bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub ${s3bucketname}
s3bucketpolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Sub ${s3bucketname}
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: 'AWSCloudTrailAclCheck20150319'
Effect: 'Allow'
Principal:
Service: 'cloudtrail.amazonaws.com'
Action: 's3:GetBucketAcl'
Resource:
!Sub 'arn:aws:s3:::${s3bucketname}'
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: AWSCloudTrailWrite20150319
Effect: 'Allow'
Principal:
Service: 'cloudtrail.amazonaws.com'
Action: 's3:PutObject'
Resource:
!Sub 'arn:aws:s3:::${s3bucketname}/AWSLogs/${AWS::AccountId}/*'
Condition:
StringEquals:
s3:x-amz-acl: 'bucket-owner-full-control'
为存储桶检测到错误的S3存储桶策略:(服务:AWSCloudTrail;状态代码:400;错误代码:InsufficientS3BucketPolicyException;请求ID:ebaf35b8-a38e-4357-a742-af5fa92bbc43)
enter code here
答案 0 :(得分:1)
对于YAML中的缩进和属性名称,您应该格外小心。我认为问题出在artists = {
uniqueId: 'Artist Name',
uniqueId2: 'Second Artist Name',
}
,应该是这样的:
Condition
将此与您的比较:
Condition:
StringEquals:
's3:x-amz-acl': bucket-owner-full-control
答案 1 :(得分:0)
问题出在以下几行:
Statement:
- Sid: 'AWSCloudTrailAclCheck20150319'
应为:
Statement:
-
Sid: 'AWSCloudTrailAclCheck20150319'
并且:
Statement:
- Sid: AWSCloudTrailWrite20150319
应为:
Statement:
-
Sid: AWSCloudTrailWrite20150319
这是因为它们是字典值,而不是列表。