AWS attach-policy-role returns 400 因为 invalid-arn
AWS attach-policy-role returns 400 because of invalid-arn
我试图使用 CodeDeploy 将我的代码放到 AWS 上。为此,我必须创建一个角色,我目前一直坚持这个角色。我这样设置政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
并将文件另存为 service-role.json。然后我使用了命令:
aws iam create-role --role-name MyServiceRole --assume-role-policy-document file://service-role.json
我得到了 运行 ... 最终。那返回了一些 JSON:
{
"Role": {
"Path": "/",
"RoleName": "MyServiceRole",
"RoleId": "SOMESTRINGOFRANDOMALPHANUMERICS",
"Arn": "arn:aws:iam::1123445569:role/MyServiceRole",
"CreateDate": "2018-08-31T03:18:24Z",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
}
}
这一切看起来都是正确的,所以我尝试 运行:
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::1123445569:role/MyServiceRole
然后...我收到了回复
An error occurred (InvalidInput) when calling the AttachRolePolicy operation: ARN arn:aws:iam::1123445569:role/MyServiceRole is not valid.
我已经在互联网上寻找解决方案,因为看起来我完全按照 this 的指示做了,但我仍然没有得到任何结果。有谁知道我做错了什么?
不要附加您创建的代入角色策略(并且在创建时已经附加到 MyServiceRole),而是附加 [=] 中描述的 AWS 特权角色之一12=](第 3 步),所以:
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
或
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda
我试图使用 CodeDeploy 将我的代码放到 AWS 上。为此,我必须创建一个角色,我目前一直坚持这个角色。我这样设置政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
并将文件另存为 service-role.json。然后我使用了命令:
aws iam create-role --role-name MyServiceRole --assume-role-policy-document file://service-role.json
我得到了 运行 ... 最终。那返回了一些 JSON:
{
"Role": {
"Path": "/",
"RoleName": "MyServiceRole",
"RoleId": "SOMESTRINGOFRANDOMALPHANUMERICS",
"Arn": "arn:aws:iam::1123445569:role/MyServiceRole",
"CreateDate": "2018-08-31T03:18:24Z",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
}
}
这一切看起来都是正确的,所以我尝试 运行:
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::1123445569:role/MyServiceRole
然后...我收到了回复
An error occurred (InvalidInput) when calling the AttachRolePolicy operation: ARN arn:aws:iam::1123445569:role/MyServiceRole is not valid.
我已经在互联网上寻找解决方案,因为看起来我完全按照 this 的指示做了,但我仍然没有得到任何结果。有谁知道我做错了什么?
不要附加您创建的代入角色策略(并且在创建时已经附加到 MyServiceRole),而是附加 [=] 中描述的 AWS 特权角色之一12=](第 3 步),所以:
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
或
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda