amazon-web-services - LabLearner CloudFormation 中的 LabRole


我想使用 AWS Academy Learner Lab（学习者实验室）预定义的 LabRole。但是，在如何引用已有的 LabRole 而不是创建新角色这一点上，我遇到了很多问题和错误：Learner Lab 的权限只允许使用预定义角色（LabRole），不允许创建角色。

我尝试修改 GreengrassV2Workshop 的脚本，但它不起作用。

{
  "AWSTemplateFormatVersion" : "2010-09-09",

  "Description" : "AWS CloudFormation template for AWS IoT Greengrass V2 workshop. Creates various resources like Cloud9, S3, VPC and more.",

  "Mappings" : {
    "CONFIG" : {
        "DEPLOYMENT": { "VERSION" : "2021-05-14" },
        "S3BUCKET": { "NAME": "aws-iot-workshop-artifacts" },
        "S3PREFIX": { "NAME": "resources" }
    }
  },

  "Metadata" : {
    "AWS::CloudFormation::Interface" : {
      "ParameterGroups" : [
        {
          "Label" : { "default": "Cloud9 instance type" },
          "Parameters" : [ "C9InstanceType" ]
        }
      ],
      "ParameterLabels" : {
        "C9InstanceType": { "default" : "AWS Cloud9 instance type" }
      }
    }
  },

  "Parameters" : {
    "C9InstanceType" : {
      "Description" : "A valid EC2 instance type.",
      "Type" : "String",
      "Default" : "t3.large",
      "AllowedValues" : [ "t3.medium", "t3.large", "t3.xlarge" ],
      "ConstraintDescription" : "Must be a valid AWS Cloud9 instance type"
    }
  },


  "Resources" : {

    "LambdaJITRRole": {
       "Type": "AWS::IAM::Role",
       "Properties": {
          "AssumeRolePolicyDocument": {
             "Statement": [ {
                "Effect": "Allow",
                "Principal": {
                   "Service": [ "lambda.amazonaws.com" ]
                },
                "Action": [ "sts:AssumeRole" ]
             } ]
          },
          "Policies": [ {
             "PolicyName": {"Fn::Join": ["", ["IoTWSRegLambdaJITRPolicy-", {"Ref": "AWS::Region"} ]]},
             "PolicyDocument": {
                 "Version":"2012-10-17",
                 "Statement":[
                    {
                       "Effect":"Allow",
                       "Action":[
                          "logs:CreateLogGroup",
                          "logs:CreateLogStream",
                          "logs:PutLogEvents"
                       ],
                       "Resource":"arn:aws:logs:*:*:*"
                    },
                    {
                       "Effect":"Allow",
                       "Action":[
                          "iot:CreateThing",
                          "iot:UpdateCertificate",
                          "iot:CreatePolicy",
                          "iot:AttachPolicy",
                          "iot:DescribeCertificate",
                          "iot:AttachThingPrincipal"
                       ],
                       "Resource":"*"
                    }
                 ]
              }
             }
           ],
          "Path": "/service-role/"
        }
    },

    "C9SecurityGroup" : {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "VpcId" : { "Fn::GetAtt" : [ "MiscResources", "Outputs.VpcId" ] },
        "GroupDescription" : "Enable access to MQTT port",
        "Tags" : [ { "Key" : "Name", "Value" : "C9 IoT workshop" } ],
        "SecurityGroupIngress" : [
          {"IpProtocol" : "tcp", "FromPort" : 8883, "ToPort" : 8883, "CidrIp" : "127.0.0.0/8"}
        ]
      }
    },

    "MiscResources" : {
      "Type" : "AWS::CloudFormation::Stack",
      "Properties" : {
        "TemplateURL" : {
           "Fn::Sub": [
              "https://${S3Bucket}.s3.amazonaws.com/${S3Prefix}/${Version}/cfn/cfn-iot-misc.json",
               {
                 "S3Bucket": { "Fn::FindInMap" : [ "CONFIG", "S3BUCKET", "NAME"] },
                 "S3Prefix": { "Fn::FindInMap" : [ "CONFIG", "S3PREFIX", "NAME"] },
                 "Version": { "Fn::FindInMap" : [ "CONFIG", "DEPLOYMENT", "VERSION"] }
               }
           ]
        }
      }
    },

    "C9Instance" : {
      "Type" : "AWS::CloudFormation::Stack",
      "Properties" : {
        "TemplateURL" : {
           "Fn::Sub": [
              "https://${S3Bucket}.s3.amazonaws.com/${S3Prefix}/${Version}/cfn/cfn-iot-c9-v2.json",
               {
                 "S3Bucket": { "Fn::FindInMap" : [ "CONFIG", "S3BUCKET", "NAME"] },
                 "S3Prefix": { "Fn::FindInMap" : [ "CONFIG", "S3PREFIX", "NAME"] },
                 "Version": { "Fn::FindInMap" : [ "CONFIG", "DEPLOYMENT", "VERSION"] }
               }
           ]
        },
        "Parameters" : {
          "C9InstanceType": { "Ref": "C9InstanceType" },
          "C9ImageId": "ubuntu-18.04-x86_64",
          "C9SecurityGroupId": { "Ref": "C9SecurityGroup" },
          "C9StopTime": 180,
          "IoTPolicy": { "Fn::GetAtt" : [ "MiscResources", "Outputs.IoTPolicy" ] },
          "IoTServiceRoleArn": { "Fn::GetAtt" : [ "MiscResources", "Outputs.IoTServiceRoleArn" ] },
          "RootStackName": { "Ref": "AWS::StackName" },
          "SubnetId": { "Fn::GetAtt" : [ "MiscResources", "Outputs.PubSubnetIdA" ] },
          "S3BucketArn": { "Fn::GetAtt" : [ "MiscResources", "Outputs.S3BucketArn" ] },
          "S3BucketName": { "Fn::GetAtt" : [ "MiscResources", "Outputs.S3BucketName" ] },
          "Workshop": "AwsWorkshop/IoT/GreengrassV2",
          "UserDataScript": "c9-ub1804-ggv2-user-data.sh"
        }
      }
    }
  },

  "Outputs" : {
    "AWSCloud9URL": {
      "Description": "URL to access your AWS Cloud9 IDE",
      "Value": { "Fn::GetAtt" : [ "C9Instance", "Outputs.AWSCloud9URL" ] }
    },
    "AWSCloud9Id": {
      "Description": "Environment Id of your AWS Cloud9 IDE",
      "Value": { "Fn::GetAtt" : [ "C9Instance", "Outputs.AWSCloud9Id" ] }
    },
    "S3Bucket" : {
      "Description" : "Name of the S3 Bucket for the IoT workshop",
      "Value" : { "Fn::GetAtt" : [ "MiscResources", "Outputs.S3BucketName" ] }
    },
    "IoTPolicy" : {
      "Description" : "Name of the IoT policy for JITP",
      "Value" : { "Fn::GetAtt" : [ "MiscResources", "Outputs.IoTPolicy" ] }
    },
    "IoTServiceRoleArn" : {
      "Description" : "Role Arn for IoT device provisioning",
      "Value" : { "Fn::GetAtt" : [ "MiscResources", "Outputs.IoTServiceRoleArn" ] }
    },
    "IoTServiceRoleName" : {
      "Description" : "Role name for IoT device provisioning/rule actions",
      "Value" : { "Fn::GetAtt" : [ "MiscResources", "Outputs.IoTServiceRoleName" ] }
    },
    "ArnLambdaRole" : {
      "Description" : "Role Arn for the JITR Lambda function",
      "Value" : { "Fn::GetAtt" : ["LambdaJITRRole", "Arn"] }
    },
    "GGOtaS3UrlSignerRoleArn" : {
      "Description" : "The IAM role arn for OTA which is used to presign the S3 url which links to the Greengrass software update.",
      "Value" : { "Fn::GetAtt" : [ "MiscResources", "Outputs.GGOtaS3UrlSignerRoleArn" ] }
    }
  }
}

该脚本没有创建堆栈，而是显示了以下错误：

Error 1 Error 2

最佳答案

在 AWS Academy 中，您无法创建任何 IAM 角色或策略。这是 AWS Academy 帐户的硬限制，您无法更改。上面的模板恰恰会这样做：`LambdaJITRRole` 是一个 `AWS::IAM::Role` 资源（并带有内联策略），而嵌套堆栈 `MiscResources` 的输出中也包含 IAM 角色 ARN（`IoTServiceRoleArn`、`GGOtaS3UrlSignerRoleArn`），看起来它们同样会创建角色，因此堆栈在这些资源上就会失败。要在 Learner Lab 中使用该模板，需要去掉这些角色定义，并在所有需要角色 ARN 的地方引用已有的 LabRole ARN。

关于amazon-web-services - LabLearner CloudFormation 中的 LabRole,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/74364428/
