**CloudFormation Stack 1:**
```yaml
AWSTemplateFormatVersion: 2010-09-09
Metadata:
  'AWS::CloudFormation::Designer':
    c311c237-d7a4-4fac-a838-8a5a37a4b083:
      size:
        width: 60
        height: 60
      position:
        x: 127
        'y': 160
      z: 0
Resources:
  ECSRole:
    Type: AWS::IAM::Role
    Properties:
      # Only the ECS service may assume this role.
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [ecs.amazonaws.com]
            Action: ['sts:AssumeRole']
      Path: /
      Policies:
        - PolicyName: ecs-service
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - 'ec2:AttachNetworkInterface'
                  - 'ec2:CreateNetworkInterface'
                  - 'ec2:CreateNetworkInterfacePermission'
                  - 'ec2:DeleteNetworkInterface'
                  - 'ec2:DeleteNetworkInterfacePermission'
                  - 'ec2:Describe*'
                  - 'ec2:DetachNetworkInterface'
                  - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
                  - 'elasticloadbalancing:DeregisterTargets'
                  - 'elasticloadbalancing:Describe*'
                  - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
                  - 'elasticloadbalancing:RegisterTargets'
                Resource: '*'
Outputs:
  # RoleId is the unique identifier (AROA...), not the role name.
  ECSTaskRoleId:
    Description: ECSRoleId
    Value: !GetAtt
      - ECSRole
      - RoleId
    Export:
      Name: !Join [ ':', [ !Ref 'AWS::StackName', ECSTaskRoleId ] ]
  ECSTaskRoleIdECSRole:
    Description: The ARN of the ECS role
    Value: !GetAtt 'ECSRole.Arn'
    Export:
      Name: !Join [ ':', [ !Ref 'AWS::StackName', 'ECSRole' ] ]
```
**Stack 2:**
```yaml
Resources:
  SNSRWPolicy:
    Type: 'AWS::IAM::Policy'
    Properties:
      # The property is "Roles" (the posted snippet had "Role :").
      # It imports the RoleId export from Stack 1, deployed as "testk2".
      Roles:
        - Fn::ImportValue: 'testk2:ECSTaskRoleId'
      PolicyName: test-snspolicy
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action:
              - 'sns:Publish'
              - 'kms:Decrypt'
              - 'kms:GenerateDataKey'
            # Resource was missing from the posted snippet; IAM rejects a
            # statement with neither Resource nor NotResource. Scope this to
            # the topic and key ARNs rather than '*' in real deployments.
            Resource: '*'
    Metadata:
      'AWS::CloudFormation::Designer':
        id: c5c7c890-30c7-470d-9233-57b8bd630856
```
I am getting the error below:

`Cannot find role named AROA3RRAFXNEDPVQKOLIW. (Service: AmazonIdentityManagement; Status Code: 404; Error Code: NoSuchEntity; Request ID: d5ad937f-94c3-458e-a803-0c37258e05f1; Proxy: null)`

How do I import an IAM::Role so that I can attach a policy to it from another stack? Beginner in CloudFormation :(
The problem is that the `Roles` property of `Type: 'AWS::IAM::Policy'` needs a role name and not a role ID.
CloudFormation is very sensitive to names versus IDs, so make sure you reference the correct attribute.
```yaml
Outputs:
  ECSTaskRole:
    Description: The ECSRole name
    # !Ref on an AWS::IAM::Role returns the role name.
    Value: !Ref ECSRole
    # Export name follows the same pattern as the other outputs in Stack 1.
    Export:
      Name: !Join [ ':', [ !Ref 'AWS::StackName', ECSTaskRole ] ]
```
So when it is exported, it will export the name, and `Fn::ImportValue` will correctly pick up the name.
Reference: `AWS::IAM::Policy` `Roles` property.
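The following is an added example, not code from the question or the answer above: Stack 2 rewritten so that it imports the role name rather than the RoleId, with the policy scoped to concrete resources instead of `'*'`. It assumes Stack 1 is deployed under the stack name `testk2` and exports the role name as `testk2:ECSTaskRole` (the `!Ref ECSRole` output from the answer, with an `Export` of that name); the `TopicArn` and `KeyArn` parameters are hypothetical and must be supplied at deploy time.

```yaml
# Added example: Stack 2 importing the role *name* exported by Stack 1.
# Assumptions: Stack 1 runs as stack "testk2" and exports "testk2:ECSTaskRole"
# (value: !Ref ECSRole). TopicArn and KeyArn are hypothetical parameters.
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  TopicArn:
    Type: String
    Description: ARN of the SNS topic the role may publish to (assumed)
  KeyArn:
    Type: String
    Description: ARN of the KMS key that encrypts that topic (assumed)
Resources:
  SNSRWPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: test-snspolicy
      Roles:
        # Roles takes role names. Importing the RoleId export (AROA...) fails
        # with NoSuchEntity; importing the ARN export fails the same way.
        - !ImportValue 'testk2:ECSTaskRole'
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: PublishToTopic
            Effect: Allow
            Action: 'sns:Publish'
            Resource: !Ref TopicArn
          - Sid: UseTopicKey
            Effect: Allow
            # Publishers to an encrypted topic need both of these on the CMK.
            Action:
              - 'kms:Decrypt'
              - 'kms:GenerateDataKey'
            Resource: !Ref KeyArn
            Condition:
              # Only allow the key to be used through SNS in this region.
              StringEquals:
                'kms:ViaService': !Sub 'sns.${AWS::Region}.amazonaws.com'
```

Before deploying Stack 2, confirm that the export really carries a name: `aws cloudformation list-exports --query "Exports[?Name=='testk2:ECSTaskRole'].Value"` should print a role name such as `testk2-ECSRole-...`, not an `AROA...` ID or an `arn:aws:iam::...` ARN. Note that once Stack 2 imports the export, CloudFormation will refuse to delete Stack 1 or change that output until the import is removed, so treat the export name as a stable interface between the two stacks.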