我有一个这样的cloudformation模板,用于创建一个角色来启动EKS
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'moba production'
Parameters:
EKSIAMRoleName:
Type: String
Description: The name of the IAM role for the EKS service to assume.
Resources:
EKSIAMRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- eks.amazonaws.com
Action:
- 'sts:AssumeRole'
RoleName: !Ref EKSIAMRoleName
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
- arn:aws:iam::aws:policy/AmazonEKSServicePolicy
Outputs:
EKSIAMRole:
Description: EKSIAMRole
Value: !Ref EKSIAMRole但是我得到了这个消息缺少必需的字段Principal,请帮助线索修复它,谢谢
缺少必需字段Principal (Service: AmazonIdentityManagement;状态码:400;错误代码:malformmedpolicydocument;请求ID: af18b2eb-06b0-474e-82bc-b80505f544fd;代理:null)
你有不正确的缩进. 应该是:
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'moba production'
Parameters:
EKSIAMRoleName:
Type: String
Description: The name of the IAM role for the EKS service to assume.
Resources:
EKSIAMRole:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- eks.amazonaws.com
Action:
- 'sts:AssumeRole'
RoleName: !Ref EKSIAMRoleName
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
- arn:aws:iam::aws:policy/AmazonEKSServicePolicy
Outputs:
EKSIAMRole:
Description: EKSIAMRole
Value: !Ref EKSIAMRole