SAM create new role and new policy

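I am trying to create a new role and a new policy that will be attached to that same role, both created in the same template, and I get this error:

Error: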

Missing required field Principal(Service:AmazonIdentityManagement;
Status Code: 400; Error Code: MalformedPolicyDocument; Proxy: null)

Resources:
  lambdaFullPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: "*"
            Resource: "*"
  LambdaFullRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version : '2012-10-17'
        Statement :
        - Effect : Allow
        - Principal :
            service :
            - lambda.amazonaws.com
        - Action :
          - sts: AssumeRole
      ManagedPolicyArns:
      - !Ref lambdaFullPolicy
    DependsOn:
    - lambdaFullPolicy



  #------------------------------output -----------------------#

Outputs:
  PolicyFullLambda:
    Description: table
    Value: !Ref lambdaFullPolicy
    Export:
      Name:
        "Fn::Sub": "${AWS::StackName}-PolicyFullLambda"
  RollFullLambda:
    Value: !Ref LambdaFullRole
    Export:
      Name:
        "Fn::Sub": "${AWS::StackName}-RollFullLambda"

There is an extra space in sts: AssumeRole; it should be sts:AssumeRole. This is because it is not a YAML component but a string literal that AWS uses for the Action part of role creation/update.
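
The question's two resources with the trust policy written as a single statement and the action as one string, as an added example (not part of the original question or answer). Resource names are taken from the question; the comments mark what differs from the posted template.

```yaml
Resources:
  lambdaFullPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Unchanged from the question: allows every action on every resource.
          - Effect: Allow
            Action: "*"
            Resource: "*"
  LambdaFullRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          # A single "-": Effect, Principal and Action are keys of one statement.
          # In the question each key has its own "-", which YAML reads as three
          # separate list items, the first of which contains only Effect.
          - Effect: Allow
            Principal:
              # Spelled "Service", as in the IAM policy reference.
              Service:
                - lambda.amazonaws.com
            Action:
              # Quoted so the value is the string "sts:AssumeRole".
              # With a space after the colon, YAML parses a mapping
              # {sts: AssumeRole} instead of a string.
              - 'sts:AssumeRole'
      ManagedPolicyArns:
        # !Ref on AWS::IAM::ManagedPolicy returns the policy ARN and already
        # makes CloudFormation create the policy first, so DependsOn is omitted.
        - !Ref lambdaFullPolicy
```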