I am creating an AWS CloudFormation template to add a Lambda function as a lifecycle hook. But the CloudFormation template deployment fails with the following message:
The Service-Linked Role for this Auto Scaling group is not yet ready for use.
The CF template is written in YAML, and the scaling group section is as follows:
ServerGroup:
  Type: 'AWS::AutoScaling::AutoScalingGroup'
  DependsOn:
    - VpcStack
    - NodeManagerExecRole
    - NodeManagerSnsTopic
  Properties:
    VPCZoneIdentifier:
      - !GetAtt [VpcStack, Outputs.Subnet2Id]
    LaunchConfigurationName: !Ref LaunchConfig2
    MinSize: '0'
    MaxSize: !Ref NodesPerZone
    DesiredCapacity: !Ref NodesPerZone
    Cooldown: '300'
    HealthCheckType: EC2
    HealthCheckGracePeriod: '300'
    LoadBalancerNames:
      - !Ref ElasticLoadBalancer
    LifecycleHookSpecificationList:
      - LifecycleTransition: 'autoscaling:EC2_INSTANCE_LAUNCHING'
        LifecycleHookName: NodeManager
        HeartbeatTimeout: 4800
        NotificationTargetARN: !Ref NodeManagerSnsTopic
        RoleARN: !GetAtt [NodeManagerExecRole, Arn]
The NodeManagerExecRole snippet is as follows:
NodeManagerExecRole:
  Type: 'AWS::IAM::Role'
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Policies:
      - PolicyName: NodeManager
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - "sns:Publish"
              Resource: "arn:aws:sns:*:*:*"
            - Effect: Allow
              Action:
                - 'logs:CreateLogGroup'
                - 'logs:CreateLogStream'
                - 'logs:PutLogEvents'
              Resource: 'arn:aws:logs:*:*:*'
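I searched the AWS documentation and Stack Overflow but found no useful information about this error. It is only mentioned here, with details.
Is something missing from the template?
Best answer
You need to add a trust policy for the Auto Scaling group to be able to publish to SNS.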
"Principal": {
  "Service": "autoscaling.amazonaws.com"
},
About amazon-web-services - The Service-Linked Role for this Auto Scaling group is not yet ready for use: we found a similar question on Stack Overflow: https://stackoverflow.com/questions/48997943/
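A pre-deployment check for the fix given in the answer above, as an added example that is not part of the original question or answer: it flags every lifecycle-hook role whose trust policy does not let autoscaling.amazonaws.com assume it. It assumes the template is available in JSON form as a Python dict; the function names and the sample template are constructed for illustration.

```python
# Added example: lint a CloudFormation template (JSON form, loaded as a dict)
# for lifecycle-hook roles that the Auto Scaling service cannot assume.
ASG_PRINCIPAL = "autoscaling.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _role_id(ref):
    # Resolve {"Fn::GetAtt": ["Role", "Arn"]} or {"Fn::GetAtt": "Role.Arn"} to a logical ID.
    target = ref.get("Fn::GetAtt") if isinstance(ref, dict) else None
    if isinstance(target, str):
        target = target.split(".")
    return target[0] if target else None  # literal ARNs cannot be checked here

def trusts_autoscaling(role):
    doc = role.get("Properties", {}).get("AssumeRolePolicyDocument", {})
    for stmt in _as_list(doc.get("Statement", [])):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and ASG_PRINCIPAL in services
                and "sts:AssumeRole" in _as_list(stmt.get("Action", []))):
            return True
    return False

def find_untrusted_hook_roles(template):
    # Returns sorted (resource, role) pairs where the hook role does not trust Auto Scaling.
    resources, findings = template.get("Resources", {}), set()
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::AutoScaling::AutoScalingGroup":
            hooks = props.get("LifecycleHookSpecificationList", [])
        elif res.get("Type") == "AWS::AutoScaling::LifecycleHook":
            hooks = [props]
        else:
            continue
        for hook in hooks:
            role = _role_id(hook.get("RoleARN"))
            if role in resources and not trusts_autoscaling(resources[role]):
                findings.add((name, role))
    return sorted(findings)

def sample_template(services):
    # Constructed sample mirroring the question's ServerGroup and NodeManagerExecRole.
    stmt = {"Effect": "Allow", "Principal": {"Service": services}, "Action": ["sts:AssumeRole"]}
    role = {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [stmt]}}}
    hook = {"LifecycleHookName": "NodeManager", "RoleARN": {"Fn::GetAtt": ["NodeManagerExecRole", "Arn"]}}
    asg = {"Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": {"LifecycleHookSpecificationList": [hook]}}
    return {"Resources": {"NodeManagerExecRole": role, "ServerGroup": asg}}

if __name__ == "__main__":
    print(find_untrusted_hook_roles(sample_template(["lambda.amazonaws.com"])))
```

The check matches the service principal and the `sts:AssumeRole` action literally; wildcard actions and roles referenced by a literal ARN are not evaluated.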