MalformedPolicyDocument error while creating an IAM Policy

I am trying to create a managed policy via the AWS CLI:

POLICY='
{
  "Version":"2012-10-17",
  "Statement":
  [{
    "Effect":"Allow",
    "Action":
    [
      "cloudformation:*"
    ],
    "Resource":"*"
  },
  {
    "Effect":"Deny",
    "Action":
    [
      "cloudformation:UpdateStack",
      "cloudformation:DeleteStack"
    ],
    "Resource": "'${arn}'"
  }]
}'

# Create policy if not already created
[ $(aws iam list-policies | grep -ce CloudFormation-policy-${StackName}) -eq 0 ] && (aws iam create-policy --policy-name CloudFormation-policy-${StackName} --policy-document "'${POLICY}'")

When I run the script, I get this error:

An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.

I don't know where the error is. Any ideas?

Every operating system has its own way of handling the escaping of single and double quotes, and according to the AWS CLI documentation:

When passing in large blocks of data, you might find it easier to save the JSON to a file and reference it from the command line. JSON data in a file is easier to read, edit, and share with others.

The Quoting Strings approach might not be the best choice when passing JSON data; instead, use the Loading parameters from file approach.
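
The file-based approach recommended above, as an added example that is not part of the original question or answer. It also shows that `"'${POLICY}'"` hands the CLI a string that begins with a literal `'` rather than `{`. The function names, the sample ARN and the file path are constructed for illustration.

```shell
#!/bin/sh
# Added example; the ARN below is a constructed sample value.

# Emit the policy from the question with the stack ARN substituted.
# A here-document avoids nested shell quoting. It does not JSON-escape,
# which is acceptable for ARNs because they contain no quotes or backslashes.
render_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": ["cloudformation:*"], "Resource": "*" },
    { "Effect": "Deny",
      "Action": ["cloudformation:UpdateStack", "cloudformation:DeleteStack"],
      "Resource": "$1" }
  ]
}
EOF
}

# First character of the argument a command would actually receive.
first_char() { printf '%.1s' "$1"; }

# Write the policy to a file and print the file:// reference for the CLI.
policy_file_ref() {
  render_policy "$1" > "$2"
  printf 'file://%s' "$2"
}

# Pass the document by file reference, so no JSON goes through shell quoting.
# Needs the AWS CLI and credentials; it is defined here but not called.
create_policy_from_file() {
  aws iam create-policy --policy-name "$1" --policy-document "$2"
}

arn='arn:aws:cloudformation:us-east-1:111122223333:stack/example-stack/*'  # constructed
POLICY=$(render_policy "$arn")
echo "quoted as in the question, the argument starts with: $(first_char "'${POLICY}'")"
echo "plain double-quoted expansion starts with: $(first_char "${POLICY}")"
# Usage (not executed here):
#   create_policy_from_file "CloudFormation-policy-${StackName}" \
#     "$(policy_file_ref "$arn" ./policy.json)"
```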