无法使用 Cloudformation 创建 KMS

Question

我有以下代码通过 CF 创建 KMS，但是我从这部分收到模板错误。这里有什么遗漏吗？

KmsKey:
    Type: AWS::KMS::Key
    Properties:
      Description: KMS-Key
      KeyPolicy:
        Version: "2012-10-17"
        Id: encryption-key
        EnableKeyRotation: "True"
        PendingWindowInDays: 7
        Statement:
          - Sid: Allow administration of the key
            Effect: Allow
            Resource: "*"
            Principal:
              AWS: arn:aws:iam::#{AWS::AccountId}:root
            Action:
              - kms:Create*
              - kms:Describe*
              - kms:Enable*
              - kms:List*
              - kms:Put*
              - kms:Update*
              - kms:Revoke*
              - kms:Disable*
              - kms:Get*
              - kms:Delete*
              - kms:ScheduleKeyDeletion
              - kms:CancelKeyDeletion

Answer 1

目前唯一明显的是以下内容：

AWS: arn:aws:iam::#{AWS::AccountId}:root

应该是：

AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"

无法使用 Cloudformation 创建 KMS

Not able to create KMS using Cloudformation

amazon-web-services

amazon-cloudformation

amazon-kms