通过 cloudformation 创建 IAM 角色时 policyName 出错
Error in the policyName when creating IAM Role by cloudformation
这是角色片段:
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": {"Fn::Join" : ["",["AWS::StackName","InstanceApi"] ] },
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},
这是错误:The specified value for policyName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
我输入的AWS::StackName值为tmplt-stack,生成报错的策略名称为:tmplt-stack-InstanceApi-O7KF5OL0TA2Q
我不明白为什么cloudformation拒绝这个名字,即使它只包含几个'-'字符,根据错误消息允许,其余都是字母数字字符。
这是我在使用伪参数AWS::StackName时犯下的巨大错误,我没有用Ref
调用它
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": {"Fn::Join" : ["",[{"Ref":"AWS::StackName"},"InstanceApi"] ] },
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},
这是角色片段:
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": {"Fn::Join" : ["",["AWS::StackName","InstanceApi"] ] },
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},
这是错误:The specified value for policyName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
我输入的AWS::StackName值为tmplt-stack,生成报错的策略名称为:tmplt-stack-InstanceApi-O7KF5OL0TA2Q
我不明白为什么cloudformation拒绝这个名字,即使它只包含几个'-'字符,根据错误消息允许,其余都是字母数字字符。
这是我在使用伪参数AWS::StackName时犯下的巨大错误,我没有用Ref
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": {"Fn::Join" : ["",[{"Ref":"AWS::StackName"},"InstanceApi"] ] },
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},