这是角色片段:
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": {"Fn::Join" : ["",["AWS::StackName","InstanceApi"] ] },
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},
这是错误: The specified value for policyName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
AWS::StackName
我输入的值是tmplt-stack
,生成的给出错误的策略名称是:tmplt-stack-InstanceApi-O7KF5OL0TA2Q
我不明白为什么cloudformation拒绝该名称,即使它仅包含少量字符“-”,并且根据错误消息允许使用该名称,其余均为字母数字字符。
这是我在使用伪参数AWS :: StackNAme时犯的一个巨大错误,我没有使用“ Ref”来调用它
"InstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": {
"Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": {"Fn::Join" : ["",[{"Ref":"AWS::StackName"},"InstanceApi"] ] },
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句