我创建了一个简单的 cdk 包,它定义了单个资源 (aws Lambda)。
在 cdk 部署 步骤中,关联的 IAM 角色创建失败,并出现错误:
10:55:30 AM | CREATE_FAILED | AWS::IAM::Role | AenvaiyeRoleD5AD7F7D
Duplicate tag keys found. Please note that Tag keys are case insensitive. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: InvalidInput; Request ID: f2148918-9281-44ae-8c8d-f45b108fcb22; Proxy: null) new Role (/workplace/vasuaror/XYZ/src/XYZCDK/node_modules/monocdk/lib/aws
这是为相关 IAM 角色生成的 CFN 模板(提取的相关部分):
AenvaiyeRoleD5AD7F7D:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: "2012-10-17"
ManagedPolicyArns:
- Fn::Join:
- ""
- - "arn:"
- Ref: AWS::Partition
- :iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
- Fn::Join:
- ""
- - "arn:"
- Ref: AWS::Partition
- :iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
- Fn::Join:
- ""
- - "arn:"
- Ref: AWS::Partition
- :iam::aws:policy/AWSXRayDaemonWriteAccess
RoleName: Aenvaiye-Role
Tags:
- Key: application
Value: proSPERAPP
- Key: HighCastleBlueprintID-3c5b7308-d575-48bd-bd28-bce1ff16a0d9
Value: "8.0"
- Key: HighCastleDeploymentType
Value: Pipelines
- Key: lambdaFunction
Value: Aenvaiye
- Key: production
Value: "false"
- Key: stagePurposes
Value: Personal
Metadata:
aws:cdk:path: PromotionSellerPayablesEventResponder-Infira-personal/Aenvaiye/Role/Resource
CFN 模板中没有重复的标签键。即使按照用于生成 CFN 的库的代码(库定义了 aws-cdk 的 L3 构造),似乎也没有重复的标签键。
我不确定为什么会收到此错误!
最佳答案
对于 CFN,CFN 上定义的标签将继承到模板中定义的资源中。检查以下内容:
- 确保标签不会被继承
- 如果继承,请务必删除 CFN 堆栈上定义的标签(具有相同的键)
希望这有帮助。
关于amazon-web-services - 部署 aws cdk 包时在 IAM 角色中发现重复的标签键,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67871517/