MalformedPolicyDocumentExceptionnull AWS KMS KEY
MalformedPolicyDocumentExceptionnull AWS KMS KEY
我正在尝试使用带有以下模板的 cloudformation 创建 KMS 密钥,但出现错误
Error:
MalformedPolicyDocumentExceptionnull (Service: AWSKMS; Status Code: 400; Error Code: MalformedPolicyDocumentException; Request ID: cc99c04e-8423-43a3-9183-313438544abb)
我尝试了很多方法来解决这个问题,但找不到解决方案。
Template:
PcsKmsCmk1:
Type: AWS::KMS::Key
Properties:
KeyPolicy:
Version: 2012-10-17
Id: default
Statement:
- Sid: Allow root account all permissions except to decrypt the key
Effect: Allow
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:root
Action: kms:*
Resource: '*'
- Sid: Enable AWSAdminRole to have full permissions to KMS key
Effect: Allow
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:/role/AWSAdminRole
Action: kms:*
Resource: '*'
Condition:
Bool:
kms:GrantIsForAWSResource: 'true'
在 ARN 中,您使用的 /role 是错误的。
使用- !Sub arn:aws:iam::${AWS::AccountId}:role/AWSAdminRole代替- !Sub arn:aws:iam::${AWS::AccountId}:/role/AWSAdminRole
我正在尝试使用带有以下模板的 cloudformation 创建 KMS 密钥,但出现错误
Error:
MalformedPolicyDocumentExceptionnull (Service: AWSKMS; Status Code: 400; Error Code: MalformedPolicyDocumentException; Request ID: cc99c04e-8423-43a3-9183-313438544abb)
我尝试了很多方法来解决这个问题,但找不到解决方案。
Template:
PcsKmsCmk1:
Type: AWS::KMS::Key
Properties:
KeyPolicy:
Version: 2012-10-17
Id: default
Statement:
- Sid: Allow root account all permissions except to decrypt the key
Effect: Allow
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:root
Action: kms:*
Resource: '*'
- Sid: Enable AWSAdminRole to have full permissions to KMS key
Effect: Allow
Principal:
AWS:
- !Sub arn:aws:iam::${AWS::AccountId}:/role/AWSAdminRole
Action: kms:*
Resource: '*'
Condition:
Bool:
kms:GrantIsForAWSResource: 'true'
在 ARN 中,您使用的 /role 是错误的。
使用- !Sub arn:aws:iam::${AWS::AccountId}:role/AWSAdminRole代替- !Sub arn:aws:iam::${AWS::AccountId}:/role/AWSAdminRole