TemplateURL 必须引用您有权访问的有效 S3 对象
TemplateURL must reference a valid S3 object to which you have access
我正在尝试通过 lambda 函数启动一个新堆栈,如下所示:
var cloudformation = new AWS.CloudFormation();
cloudformation.createStack({
StackName: 'example',
TemplateURL: 'https://s3-eu-west-1.amazonaws.com/my.s3bucket/cloudformationtemplate.yml',
Capabilities: ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM'],
RoleARN: 'arn:aws:iam::1234567890AB:role/myRole'
})
但是,我收到以下错误:
TemplateURL must reference a valid S3 object to which you have access
到目前为止我已经尝试添加...
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::my.s3bucket"
]
}
...到 myRole(作为 createStack() 上的 RoleARN 参数传入),以及链接到 lambda 本身的 IAM 执行角色。
然而,运气不好。
感谢任何指点。
您还需要添加 ListBucket 权限。
例如:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::BUCKET_NAME"]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": ["arn:aws:s3:::BUCKET_NAME/*"]
}
]
}
我正在尝试通过 lambda 函数启动一个新堆栈,如下所示:
var cloudformation = new AWS.CloudFormation();
cloudformation.createStack({
StackName: 'example',
TemplateURL: 'https://s3-eu-west-1.amazonaws.com/my.s3bucket/cloudformationtemplate.yml',
Capabilities: ['CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM'],
RoleARN: 'arn:aws:iam::1234567890AB:role/myRole'
})
但是,我收到以下错误:
TemplateURL must reference a valid S3 object to which you have access
到目前为止我已经尝试添加...
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::my.s3bucket"
]
}
...到 myRole(作为 createStack() 上的 RoleARN 参数传入),以及链接到 lambda 本身的 IAM 执行角色。
然而,运气不好。
感谢任何指点。
您还需要添加 ListBucket 权限。
例如:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::BUCKET_NAME"]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": ["arn:aws:s3:::BUCKET_NAME/*"]
}
]
}