我正在尝试创建一个新的角色和一个新的策略,它将被附加到同一个模板中创建的角色,在同一个模板中获取这个错误:
错误:
缺少必需字段Principal(Service:AmazonIdentityManagement;
状态码:400;错误代码:malformmedpolicydocument;代理:null)
Resources:
lambdaFullPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: "*"
Resource: "*"
LambdaFullRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version : '2012-10-17'
Statement :
- Effect : Allow
- Principal :
service :
- lambda.amazonaws.com
- Action :
- sts: AssumeRole
ManagedPolicyArns:
- !Ref lambdaFullPolicy
DependsOn:
- lambdaFullPolicy
#------------------------------output -----------------------#
Outputs:
PolicyFullLambda:
Description: table
Value: !Ref lambdaFullPolicy
Export:
Name:
"Fn::Sub": "${AWS::StackName}-PolicyFullLambda"
RollFullLambda:
Value: !Ref LambdaFullRole
Export:
Name:
"Fn::Sub": "${AWS::StackName}-RollFullLambda"
在sts: AssumeRole中有一个额外的空格,它应该读取sts:AssumeRole。这是因为这不是一个YAML组件,而是一个字符串字面值,AWS将其用于角色创建/更新的Action部分。