I am trying to use in SageMaker. Below is the serverless.yaml file. I get
PocModelEndPointRole" exists and that its trust relationship policy allows the action "sts:AssumeRole" for the service principal
After investigating the stack events, I see:

```
2022-05-25 02:03:03 UTC+0530 RModelEndpointModel CREATE_FAILED Could not access model data at s3://my-bucket/output/byom_poc/gre_score_knn.tar.gz. Please ensure that the role "arn:aws:iam::19:role/PocModelEndPointRole" exists and that its trust relationship policy allows the action "sts:AssumeRole" for the service principal "sagemaker.amazonaws.com". Also ensure that the role has "s3:GetObject" permissions and that the object is located in us-east-2. (Service: AmazonSageMaker; Status Code: 400; Error Code: ValidationException; Request ID: 243d62e4b-a7a1-488a-b89e-8aa0fb486296; Proxy: null)
2022-05-25 02:03:02 UTC+0530 ServiceNotificationTopic CREATE_IN_PROGRESS Resource creation Initiated
2022-05-25 02:03:02 UTC+0530 ModelEndpointRole CREATE_IN_PROGRESS Resource creation Initiated
2022-05-25 02:03:01 UTC+0530 ServiceNotificationTopic CREATE_IN_PROGRESS -
2022-05-25 02:03:01 UTC+0530 RModelEndpointModel CREATE_IN_PROGRESS -
2022-05-25 02:03:01 UTC+0530 ModelEndpointRole CREATE_IN_PROGRESS -
2022-05-25 02:02:57 UTC+0530 byom-pc-dev CREATE_IN_PROGRESS User Initiated
```
Serverless.yaml
```yaml
resources:
  Resources:
    RModelEndpointRole:
      Type: AWS::IAM::Role
      Properties:
        Path: /
        RoleName: ${self:custom.modelEndpointRoleName}
        PermissionsBoundary: ${self:provider.rolePermissionsBoundary}
        ManagedPolicyArns:
          - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
          - "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
          - "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess"
          - "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - events.amazonaws.com
                  - states.amazonaws.com
                  - sagemaker.amazonaws.com
              Action:
                - sts:AssumeRole
        Policies:
          - PolicyName: ${self:custom.modelEndpointRoleName}
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: Allow
                  Action:
                    - s3:List*
                    - s3:Get*
                    - s3:Put*
                  Resource:
                    - "arn:aws:s3:::${self:custom.deploymentBucket}/*"
                    - "arn:aws:s3:::${self:custom.deploymentBucket}"
    RModelEndpoint:
      Type: "AWS::SageMaker::Endpoint"
      Properties:
        EndpointConfigName:
          !GetAtt RModelEndpointConfig.EndpointConfigName
    RModelEndpointConfig:
      Type: "AWS::SageMaker::EndpointConfig"
      Properties:
        ProductionVariants:
          - InitialInstanceCount: 1
            InitialVariantWeight: 1.0
            InstanceType: ml.t2.large
            # ModelName: "myrmodel"
            # VariantName: "test1"
            ModelName: !GetAtt RModelEndpointModel.ModelName
            VariantName: !GetAtt RModelEndpointModel.ModelName
    RModelEndpointModel:
      Type: "AWS::SageMaker::Model"
      Properties:
        PrimaryContainer:
          Image: ${self:custom.sagemakerRExecutionContainerURI}
          Mode: SingleModel
          #ModelDataUrl: !Sub s3://${AppBucket}/${ModelDataPath}
          #ModelDataUrl: s3://${self:custom.deploymentBucket}/${self:service}/${self.custom.ModelDataPath}
          ModelDataUrl: "s3://my-bucket/output/byom_poc/gre_score_knn.tar.gz"
        ExecutionRoleArn: "${self:custom.modelEndpointRoleARN}"
```
Getting the error:

```
Serverless Error ---------------------------------------
An error occurred: RModelEndpointModel - Could not access model data at s3://my-bucket/output/byom_poc/gre_score_knn.tar.gz. Please ensure that the role "arn:aws:iam::19:role/PocModelEndPointRole" exists and that its trust relationship policy allows the action "sts:AssumeRole" for the service principal "sagemaker.amazonaws.com". Also ensure that the role has "s3:GetObject" permissions and that the object is located in us-east-2. (Service: AmazonSageMaker; Status Code: 400; Error Code: ValidationException; Request ID: 83d62e4b-a7a1-488a-b89e-8aa0fb486296; Proxy: null).
```
I found this link.
The code below works.
```yaml
RModelEndpointModel:
  DependsOn: ModelEndpointRole
  Type: "AWS::SageMaker::Model"
```
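
The stack events above show the model failing one second after the role's creation was initiated: `ExecutionRoleArn` is a plain string, so CloudFormation sees no dependency between the two resources, and `DependsOn` restores the ordering. The check below is an added example, not part of the original post, that flags this pattern in a compiled template; the dict form of the template and the account id are constructed, and `referenced_ids` and `unordered_model_roles` are hypothetical helper names.

```python
# Constructed sample: the post's stack as compiled CloudFormation JSON (a dict here).
# Account id 111122223333 is a placeholder; the role ARN is a plain string, as in the post.
TEMPLATE = {"Resources": {
    "ModelEndpointRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {"Path": "/", "RoleName": "PocModelEndPointRole"}},
    "RModelEndpointModel": {
        "Type": "AWS::SageMaker::Model",
        "Properties": {
            "ExecutionRoleArn": "arn:aws:iam::111122223333:role/PocModelEndPointRole"}},
}}


def referenced_ids(value):
    """Logical ids reached through Ref / Fn::GetAtt anywhere inside value."""
    found = set()
    if isinstance(value, dict):
        for key, inner in value.items():
            if key == "Ref" and isinstance(inner, str):
                found.add(inner)
            elif key == "Fn::GetAtt":
                found.add(inner[0] if isinstance(inner, list) else inner.split(".")[0])
            else:
                found |= referenced_ids(inner)
    elif isinstance(value, list):
        for inner in value:
            found |= referenced_ids(inner)
    return found


def unordered_model_roles(template):
    """(model_id, role_id) pairs where CloudFormation may create the model before the role."""
    resources = template.get("Resources", {})
    roles = {rid: res.get("Properties", {}).get("RoleName")
             for rid, res in resources.items() if res.get("Type") == "AWS::IAM::Role"}
    findings = []
    for mid, res in resources.items():
        if res.get("Type") != "AWS::SageMaker::Model":
            continue
        props = res.get("Properties", {})
        arn, depends = props.get("ExecutionRoleArn"), res.get("DependsOn", [])
        # Explicit DependsOn plus the implicit dependencies from Ref / Fn::GetAtt.
        ordered = set([depends] if isinstance(depends, str) else depends) | referenced_ids(props)
        for rid, name in roles.items():
            # A literal ARN naming a role from this same template creates no dependency.
            literal = isinstance(arn, str) and isinstance(name, str) and arn.endswith(":role/" + name)
            if literal and rid not in ordered:
                findings.append((mid, rid))
    return findings
```

Replacing the string with `!GetAtt ModelEndpointRole.Arn` gives CloudFormation the same ordering implicitly, which is why the check treats `Ref` and `Fn::GetAtt` as satisfying it.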