因此,我一直在尝试在 AWS CDK 中为 CodeBuild 和 CodePipeline 编写 IAM 角色。
我需要它是公开的,这样我就可以在他们自己的声明中引用它们。
我还尝试从我的代码中生成一个简单的 CloudFormation 模板,但没有成功上传它。有同样的错误。
AssumeRolepolicy contained an invalid principal: "STAR":"*"
const codeBuildRoleName = `${parameters.environment}CodeBuildRole`;
const codeBuildRole = new Role(this, codeBuildRoleName, {
assumedBy: new AnyPrincipal(),
roleName: codeBuildRoleName,
});
const codeBuildRolePolicy = `${parameters.environment}CodeBuildRolePolicy`;
codeBuildRole.attachInlinePolicy(new Policy(this, codeBuildRolePolicy , {
statements: [
new PolicyStatement({
effect: Effect.ALLOW,
resources: ['*'],
actions: ['iam:PassRole']
}),
new PolicyStatement({
effect: Effect.ALLOW,
resources: ['*'],
actions: ['codebuild:*']
}),
new PolicyStatement({
effect: Effect.ALLOW,
resources: ['*'],
actions: [
'logs:FilterLogEvents',
'logs:GetLogEvents',
'logs:CreateLogStream',
'logs:CreateLogGroup',
'logs:PutLogEvents',
]
}),
new PolicyStatement({
effect: Effect.ALLOW,
resources: ['*'],
actions: [
'apigateway:PATCH',
'apigateway:GET',
'apigateway:POST',
'iam:*',
'cloudformation:*',
's3:*',
'cognito-idp:*',
]
})
]
}));
这是代码,我一直在得到这个。
AssumeRolepolicy contained an invalid principal: "STAR":"*"
而且我无法部署任何东西。
创建Role时,请尝试传递ServicePrincipal而不是像这样传递AnyPrincipal:
const codeBuildRole = new Role(this, codeBuildRoleName, {
assumedBy: new ServicePrincipal(service: "codebuild.amazonaws.com"),
roleName: codeBuildRoleName,
});
我现在无法对此进行测试,但我认为这应该可以解决问题。