amazon-web-services - Incorrect S3 bucket policy is detected for bucket in CloudFormation

Tags amazon-web-services amazon-s3 aws-cloudformation

I am having a problem implementing CloudTrail through CloudFormation: when I try to launch the template, an incorrect S3 bucket policy is detected, raising a bucket error.

Here is the BucketPolicy configuration:

"LogBucketPolicy": {
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {
            "Bucket": {
                "Ref": "LogBucket"
            },
            "PolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Sid": "AWSCloudTrailAclCheck",
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "cloudtrail.amazonaws.com"
                        },
                        "Action": "s3:GetBucketAcl",
                        "Resource": {
                            "Fn::Join": [
                                "",
                                [
                                    "arn:aws:s3:::",
                                    {
                                        "Ref": "LogBucket"
                                    }
                                ]
                            ]
                        }
                    },
                    {
                        "Sid": "AWSCloudTrailWrite",
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "cloudtrail.amazonaws.com"
                        },
                        "Action": "s3:PutObject",
                        "Resource": {
                            "Fn::Join": [
                                "",
                                [
                                    "arn:aws:s3:::",
                                    {
                                        "Ref": "LogBucket"
                                    },
                                    "/AWSLogs/139339407673/*"
                                ]
                            ]
                        },
                        "Condition": {
                            "StringEquals": {
                                "s3:x-amz-acl": "bucket-owner-full-control"
                            }
                        }
                    }
                ]
            }
        }
    }

I copied the template from the AWS examples, but if I made a mistake in the implementation, please let me know.

Edit: the error is not raised by the bucket policy but by CloudTrail. Here is the trail's configuration:

"Trail": {
        "Type": "AWS::CloudTrail::Trail",
        "Properties": {
            "SnsTopicName": {
                "Fn::GetAtt": [
                    "Topic",
                    "TopicName"
                ]
            },
            "IsLogging": true,
            "S3BucketName": {
                "Ref": "LogBucket"
            }
        },
        "DependsOn": [
            "LogBucket"
        ]
    }

Best answer

As Krishna mentioned, the error came from my not adding a dependency on the BucketPolicy. Once I did that, the stack deployed without any problem.
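Why the dependency matters: the Trail's `Ref` to `LogBucket` gives CloudFormation an implicit ordering against the bucket, but nothing ties the Trail to `LogBucketPolicy`, so CloudTrail's create-time check of the bucket (which needs `s3:GetBucketAcl` and `s3:PutObject` for `cloudtrail.amazonaws.com`) can run before the policy is attached. The following is an added example, not code from the question or the answer: a small Python lint that loads a CloudFormation template as JSON, finds every `AWS::CloudTrail::Trail` whose `S3BucketName` is a `Ref` to a bucket in the same template, and reports when that Trail does not `DependsOn` the bucket's `AWS::S3::BucketPolicy`, or when the policy does not allow `cloudtrail.amazonaws.com` both actions. The embedded template is constructed from the question's resources plus the `LogBucket` they reference; the function names are mine.

```python
import copy
import json

# Constructed sample (not from the page): the question's LogBucketPolicy and Trail,
# plus the LogBucket they reference, assembled into one minimal template. The
# Trail only DependsOn LogBucket, which is the ordering bug the answer describes.
BROKEN_TEMPLATE = json.loads(r"""
{"Resources": {
  "LogBucket": {"Type": "AWS::S3::Bucket"},
  "LogBucketPolicy": {
    "Type": "AWS::S3::BucketPolicy",
    "Properties": {
      "Bucket": {"Ref": "LogBucket"},
      "PolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl",
         "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "LogBucket"}]]}},
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "LogBucket"}, "/AWSLogs/139339407673/*"]]},
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}}
      ]}
    }
  },
  "Trail": {
    "Type": "AWS::CloudTrail::Trail",
    "Properties": {"IsLogging": true, "S3BucketName": {"Ref": "LogBucket"}},
    "DependsOn": ["LogBucket"]
  }
}}
""")


def _ref(value):
    """Logical ID behind a {"Ref": ...} value, or None for literals and other intrinsics."""
    return value["Ref"] if isinstance(value, dict) and list(value) == ["Ref"] else None


def _as_list(value):
    """CloudFormation allows a string or a list for DependsOn, Action and Service."""
    return [value] if isinstance(value, str) else list(value or [])


def policy_grants_cloudtrail(doc):
    """True if Allow statements give cloudtrail.amazonaws.com both actions CloudTrail needs."""
    granted = set()
    for stmt in doc.get("Statement", []):
        principal = stmt.get("Principal") or {}
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") == "Allow" and "cloudtrail.amazonaws.com" in services:
            granted.update(_as_list(stmt.get("Action")))
    return {"s3:GetBucketAcl", "s3:PutObject"} <= granted


def _trail_policy_triples(resources):
    """Yield (trail_id, bucket_id, policy_id_or_None) for Trails whose bucket is in this template."""
    policies = {}
    for lid, res in resources.items():
        if res.get("Type") == "AWS::S3::BucketPolicy":
            bucket = _ref(res.get("Properties", {}).get("Bucket"))
            if bucket:
                policies.setdefault(bucket, []).append(lid)
    for lid, res in resources.items():
        if res.get("Type") == "AWS::CloudTrail::Trail":
            bucket = _ref(res.get("Properties", {}).get("S3BucketName"))
            if bucket:  # a literal bucket name means the bucket pre-exists; nothing to order against
                for pol in policies.get(bucket, [None]):
                    yield lid, bucket, pol


def find_trail_issues(template):
    """Return human-readable problems that would reproduce the question's error."""
    resources = template.get("Resources", {})
    issues = []
    for trail, bucket, pol in _trail_policy_triples(resources):
        if pol is None:
            issues.append(f"{trail}: no AWS::S3::BucketPolicy in this template targets {bucket}")
            continue
        if pol not in _as_list(resources[trail].get("DependsOn")):
            issues.append(f"{trail}: missing DependsOn {pol}; CloudTrail may check the bucket before the policy exists")
        doc = resources[pol].get("Properties", {}).get("PolicyDocument", {})
        if not policy_grants_cloudtrail(doc):
            issues.append(f"{pol}: does not allow cloudtrail.amazonaws.com s3:GetBucketAcl and s3:PutObject")
    return issues


def fix_trail_dependencies(template):
    """Return a copy in which every Trail DependsOn the bucket policy of its log bucket."""
    fixed = copy.deepcopy(template)
    resources = fixed["Resources"]
    for trail, _bucket, pol in _trail_policy_triples(resources):
        if pol is None:
            continue
        deps = _as_list(resources[trail].get("DependsOn"))
        if pol not in deps:
            deps.append(pol)
        resources[trail]["DependsOn"] = deps
    return fixed


if __name__ == "__main__":
    for problem in find_trail_issues(BROKEN_TEMPLATE):
        print("BROKEN:", problem)
    print(json.dumps(fix_trail_dependencies(BROKEN_TEMPLATE)["Resources"]["Trail"], indent=2))
```

Run it against a real template with `json.load(open("template.json"))` in place of the constructed sample; YAML templates need a YAML loader that understands the `!Ref` short forms, which this example deliberately does not include. The policy check is a minimum, not a full audit: it confirms the two actions CloudTrail needs are granted to the service principal but does not evaluate `Resource` or `Condition`, so the account-scoped `/AWSLogs/<account>/*` prefix and the `bucket-owner-full-control` condition in the question's policy still have to be reviewed by hand.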

For amazon-web-services - Incorrect S3 bucket policy is detected for bucket in CloudFormation, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/49135099/
