我有这个 S3 存储桶和策略,正在部署到 CloudFormation。
Resources:
ReportsBucket:
Type: AWS::S3::Bucket
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref ReportsBucket
PolicyDocument:
Id: ReportPolicy
Version: "2012-10-17"
Statement:
- Sid: ReportBucketPolicyDoc
Effect: Allow
Action: "s3:*"
Principal:
AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
Resource: !Join ['', ['arn:aws:s3:::', !Ref S3Bucket, '/*']]
它失败了,
UPDATE_ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack {my stack name} The following resource(s) failed to create: [BucketPolicy].
CREATE_FAILED AWS::S3::BucketPolicy BucketPolicy Statement is missing required element
我的政策有什么问题?
最佳答案
它有两个问题:
- 第一行缺少
AWSTemplateFormatVersion
(必需元素) - 对
S3Bucket
的引用应为ReportsBucket
更新版本:
AWSTemplateFormatVersion: 2010-09-09
Resources:
ReportsBucket:
Type: AWS::S3::Bucket
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref ReportsBucket
PolicyDocument:
Id: ReportPolicy
Version: "2012-10-17"
Statement:
- Sid: ReportBucketPolicyDoc
Effect: Allow
Action: "s3:*"
Principal:
AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
Resource: !Join ['', ['arn:aws:s3:::', !Ref ReportsBucket, '/*']]
关于amazon-web-services - Cloudformation 存储桶策略 - "Statement is missing required element",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/46838980/