How to create IAM policies with sparkleformation?
I am trying to use sparkleformation to create an IAM policy, but I don't know what dynamic to call and am not sure if my template is formatted correctly. Sparkleformation offers almost nothing in the way of error messages, which only makes debugging harder.

This is the policy I want to create in sparkleformation:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*",
        "ec2:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
```
This is my current template for creating it:
```ruby
SparkleFormation.new(:my_policy, :provider => :aws) do
  AWSTemplateFormatVersion '2010-09-09'
  description 'my policy'
  dynamic!(:aws_iam_policy, :test_group) do
    properties do
      policies array!(
        -> {
          policy_name "mypolicy"
          policy_document do
            version "2012-10-17"
            statement do
              effect "Allow"
              resource "*"
              action array!(
                "s3:Get*",
                "s3:List*",
                "ec2:*"
              )
            end
          end
        }
      )
    end
  end
end
```
Running it gives the following error:
```
$ bundle exec sfn create test --file sparkleformation/templates/my-policy.rb
[Sfn]: Callback template stack_policy: starting
[Sfn]: Callback template stack_policy: complete
[Sfn]: SparkleFormation: create
[Sfn]: -> Name: test
[Sfn]: Events for Stack: test
Time                     Resource Logical Id   Resource Status     Resource Status Reason
2017-11-08 20:36:24 UTC  test                  CREATE_IN_PROGRESS  User Initiated
2017-11-08 20:36:28 UTC  TestGroupIamPolicy    CREATE_FAILED       Encountered unsupported property Policies
2017-11-08 20:36:29 UTC  test                  CREATE_FAILED       The following resource(s) failed to create: [TestGroupIamPolicy].
[FATAL]: Create of new stack test: FAILED
ERROR: RuntimeError: Stack did not reach a successful completion state.
```
This is the correct structure. Note that, unlike roles or groups, you do not set a policies array, only the document. Also, a policy cannot be created on its own; it must be attached to something by setting at least one value in the roles, groups and/or users arrays:
```ruby
SparkleFormation.new(:my_policy, :provider => :aws) do
  AWSTemplateFormatVersion '2010-09-09'
  description 'my policy'
  dynamic!(:aws_iam_policy, :test_group) do
    # at least one of roles, groups, users must be set
    roles array!(
      "role1",
      "other-role"
    )
    users array!(
      "myuser"
    )
    policy_name "mypolicy"
    policy_document do
      version "2012-10-17"
      statement do
        effect "Allow"
        resource "*"
        action array!(
          "s3:Get*",
          "s3:List*",
          "ec2:*"
        )
      end
    end
  end
end
```
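Because sfn surfaces the failure only after CloudFormation has rejected the stack, the constraints the answer describes are worth checking before `sfn create` runs. The following is an added example written for this page, not code from the question, the answer or the sparkle_formation project: a small Ruby lint over the compiled CloudFormation JSON (the template hashes `GOOD_TEMPLATE` and `BAD_TEMPLATE` are constructed here and assumed to match what the two templates above compile to). It rejects a `Policies` array on an `AWS::IAM::Policy` resource, requires at least one of `Roles`, `Groups` or `Users`, checks that the policy document uses the IAM policy language version `2012-10-17` rather than the CloudFormation template version, and warns when an Allow statement grants wildcard actions on every resource.

```ruby
require 'json'

ATTACH_KEYS = %w[Roles Groups Users].freeze

# Constructed sample (not from the page): the CloudFormation JSON that the
# accepted answer's template is assumed to compile to.
GOOD_TEMPLATE = {
  "AWSTemplateFormatVersion" => "2010-09-09",
  "Description" => "my policy",
  "Resources" => {
    "TestGroupIamPolicy" => {
      "Type" => "AWS::IAM::Policy",
      "Properties" => {
        "Roles" => ["role1", "other-role"],
        "Users" => ["myuser"],
        "PolicyName" => "mypolicy",
        "PolicyDocument" => {
          "Version" => "2012-10-17",
          "Statement" => [
            { "Effect" => "Allow", "Resource" => "*",
              "Action" => ["s3:Get*", "s3:List*", "ec2:*"] }
          ]
        }
      }
    }
  }
}.freeze

# Constructed sample reproducing the question's failing shape: a Policies
# array under AWS::IAM::Policy, which CloudFormation rejects.
BAD_TEMPLATE = {
  "AWSTemplateFormatVersion" => "2010-09-09",
  "Resources" => {
    "TestGroupIamPolicy" => {
      "Type" => "AWS::IAM::Policy",
      "Properties" => {
        "Policies" => [
          { "PolicyName" => "mypolicy",
            "PolicyDocument" => { "Version" => "2010-09-09", "Statement" => [] } }
        ]
      }
    }
  }
}.freeze

# Lint one AWS::IAM::Policy resource. Returns { errors: [...], warnings: [...] }.
def lint_iam_policy(logical_id, resource)
  errors = []
  warnings = []
  props = resource.fetch("Properties", {})

  # 'Policies' belongs to AWS::IAM::Role/Group/User, never to AWS::IAM::Policy.
  errors << "#{logical_id}: 'Policies' is not a property of AWS::IAM::Policy; set PolicyName and PolicyDocument directly" if props.key?("Policies")

  # A standalone policy must be attached to at least one role, group or user.
  attached = ATTACH_KEYS.any? { |k| props[k].is_a?(Array) && !props[k].empty? }
  errors << "#{logical_id}: set at least one of #{ATTACH_KEYS.join(', ')}" unless attached

  errors << "#{logical_id}: PolicyName is required" unless props["PolicyName"].is_a?(String)

  doc = props["PolicyDocument"]
  unless doc.is_a?(Hash)
    errors << "#{logical_id}: PolicyDocument is required"
    return { errors: errors, warnings: warnings }
  end

  # The IAM policy language version is 2012-10-17; 2010-09-09 is the template format version.
  errors << "#{logical_id}: PolicyDocument.Version must be 2012-10-17 (got #{doc["Version"].inspect})" unless doc["Version"] == "2012-10-17"

  Array(doc["Statement"]).each_with_index do |st, i|
    actions = Array(st["Action"])
    resources = Array(st["Resource"])
    if st["Effect"] == "Allow" && resources.include?("*") && actions.any? { |a| a.to_s.end_with?("*") }
      warnings << "#{logical_id}: statement #{i} allows wildcard actions #{actions.grep(/\*\z/).join(', ')} on every resource; consider narrowing"
    end
  end

  { errors: errors, warnings: warnings }
end

# Lint every AWS::IAM::Policy resource in a parsed template hash.
def lint_template(template)
  result = { errors: [], warnings: [] }
  template.fetch("Resources", {}).each do |id, res|
    next unless res["Type"] == "AWS::IAM::Policy"
    r = lint_iam_policy(id, res)
    result[:errors].concat(r[:errors])
    result[:warnings].concat(r[:warnings])
  end
  result
end

if __FILE__ == $0
  # With a compiled template on disk: lint_template(JSON.parse(File.read(ARGV[0])))
  [["answer", GOOD_TEMPLATE], ["question", BAD_TEMPLATE]].each do |label, tpl|
    r = lint_template(tpl)
    puts "#{label}: #{r[:errors].size} error(s), #{r[:warnings].size} warning(s)"
    (r[:errors] + r[:warnings]).each { |m| puts "  - #{m}" }
  end
end
```

Run against the answer's template the lint reports no errors and one warning (the `s3:Get*`, `s3:List*` and `ec2:*` wildcards on `Resource: "*"`); against the question's template it reports four errors, the first of which is the same `Policies` problem CloudFormation eventually reported. Warnings are kept separate from errors so the wildcard check informs rather than blocks a deploy.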