Cloudformation 中的循环依赖 | IAM 资源
Circular dependency in Cloudformation | IAM resources
我一直在我的 cloudformation 模板中遇到循环依赖错误。我相信要解决这个问题,需要将依赖项分离到不同的资源中,但就我而言,我只想将我正在创建的角色的 arn 添加到 in-policy 中。
以下是我要添加到此角色的策略中的操作之一:
Resources:
SSMHostMgmtRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- ssm.amazonaws.com
Version: '2012-10-17'
Path: "/"
Policies:
- PolicyDocument:
- Action:
- iam:PassRole
Effect: Allow
Resource: !GetAtt SSMHostMgmtRole.Arn
PolicyName: !Sub ${AWS::StackName}-${AWS::Region}-Example
RoleName: !Sub ${AWS::StackName}-${AWS::Region}-HostMgmtRole
有人可以帮我指出消除循环依赖并使模板正常工作的更改吗?
您需要通过手动创建 Arn 来打破循环依赖。替换:
Resource: !GetAtt SSMHostMgmtRole.Arn
和
Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-${AWS::Region}-HostMgmtRole
我一直在我的 cloudformation 模板中遇到循环依赖错误。我相信要解决这个问题,需要将依赖项分离到不同的资源中,但就我而言,我只想将我正在创建的角色的 arn 添加到 in-policy 中。
以下是我要添加到此角色的策略中的操作之一:
Resources:
SSMHostMgmtRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- ssm.amazonaws.com
Version: '2012-10-17'
Path: "/"
Policies:
- PolicyDocument:
- Action:
- iam:PassRole
Effect: Allow
Resource: !GetAtt SSMHostMgmtRole.Arn
PolicyName: !Sub ${AWS::StackName}-${AWS::Region}-Example
RoleName: !Sub ${AWS::StackName}-${AWS::Region}-HostMgmtRole
有人可以帮我指出消除循环依赖并使模板正常工作的更改吗?
您需要通过手动创建 Arn 来打破循环依赖。替换:
Resource: !GetAtt SSMHostMgmtRole.Arn
和
Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-${AWS::Region}-HostMgmtRole