json - policyName error when creating an IAM role through CloudFormation

Tags: json roles aws-cloudformation amazon-iam

Here is the role snippet:

"InstanceRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version" : "2012-10-17",
      "Statement": [ {
        "Effect": "Allow",
        "Principal": {
           "Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
        "Action"  : [ "sts:AssumeRole" ]
      }]
    },
    "Path": "/",
    "Policies": [{
      "PolicyName": {"Fn::Join" : ["",["AWS::StackName","InstanceApi"] ] },
      "PolicyDocument": {
        "Statement": [{
          "Effect": "Allow",
          "Action": "*",
          "Resource": "*"
        }]
      }
    }]
  }
},

Here is the error: The specified value for policy name is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-

The AWS::StackName value I entered is tmplt-stack, and the generated policy name that gives the error is: tmplt-stack-InstanceApi- O7KF5OL0TA2Q

I don't understand why CloudFormation rejects this name, even though it only contains a few "-" characters, which are allowed according to the error message, and the rest are alphanumeric characters.

Best answer

This was a huge mistake on my part when using the pseudo parameter AWS::StackName: I didn't call it with Ref.

"InstanceRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "AssumeRolePolicyDocument": {
      "Version" : "2012-10-17",
      "Statement": [ {
        "Effect": "Allow",
        "Principal": {
           "Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
        "Action"  : [ "sts:AssumeRole" ]
      }]
    },
    "Path": "/",
    "Policies": [{
      "PolicyName": {"Fn::Join" : ["",[{"Ref":"AWS::StackName"},"InstanceApi"] ] },
      "PolicyDocument": {
        "Statement": [{
          "Effect": "Allow",
          "Action": "*",
          "Resource": "*"
        }]
      }
    }]
  }
},
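As an added illustration (not code from the question or the answer), the following Python check resolves the `Ref` and `Fn::Join` intrinsics offline with a constructed value for AWS::StackName and validates the resulting name against the character set quoted in the error message. It shows why the original snippet fails (the literal string "AWS::StackName" contains ":") while the corrected snippet passes.

```python
import re
from typing import Any

# Character set quoted in the error message on this page
# (alphanumerics plus + = , . @ _ -); IAM limits names to 128 chars.
ALLOWED_CHAR_RE = re.compile(r"[\w+=,.@-]", re.ASCII)
POLICY_NAME_RE = re.compile(r"^[\w+=,.@-]{1,128}$", re.ASCII)

# Constructed sample values standing in for CloudFormation pseudo parameters.
PSEUDO_PARAMS = {"AWS::StackName": "tmplt-stack", "AWS::Region": "us-east-1"}


def resolve(node: Any, params: dict) -> Any:
    """Resolve the subset of intrinsic functions used on this page: Ref and Fn::Join."""
    if isinstance(node, dict):
        if len(node) == 1 and "Ref" in node:
            name = node["Ref"]
            if name not in params:
                raise KeyError(f"unknown Ref target: {name}")
            return params[name]
        if len(node) == 1 and "Fn::Join" in node:
            separator, parts = node["Fn::Join"]
            return separator.join(str(resolve(p, params)) for p in parts)
        return {k: resolve(v, params) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, params) for v in node]
    # Plain strings are literals: "AWS::StackName" without Ref stays as-is.
    return node


def check_policy_name(policy_name_node: Any, params: dict = PSEUDO_PARAMS):
    """Return (resolved_name, is_valid, sorted list of offending characters)."""
    name = resolve(policy_name_node, params)
    offending = sorted({c for c in name if not ALLOWED_CHAR_RE.fullmatch(c)})
    return name, bool(POLICY_NAME_RE.match(name)), offending


# The two PolicyName expressions from the question and the answer.
BROKEN = {"Fn::Join": ["", ["AWS::StackName", "InstanceApi"]]}
FIXED = {"Fn::Join": ["", [{"Ref": "AWS::StackName"}, "InstanceApi"]]}

if __name__ == "__main__":
    for label, node in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_policy_name(node))
```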

Regarding "json - policyName error when creating an IAM role through CloudFormation", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41870776/
