我的云形式堆栈失败,并且由于以下S3存储措施策略而不断退缩。引用的S3存储桶是一个用于CloudTrail日志的单独存储桶(因为我读到使用CloudTrail时这样的东西是最佳实践)。在云形式过程中,该存储桶与其余的堆栈一起创建:[stackName] -cloudtraillogs- [Randomstring]
我尝试不使用任何功能来指定存储桶,但这似乎不起作用。我的猜测是因为它然后去寻找一个" CloudTraillogs"的水桶,并且找不到任何名称的水桶。使用fn ::加入引用可以解决(?),但是云形式在评估存储桶策略时会给"未知字段fn :: join"。
任何人可以发现我可能在这里做错什么的人
bucketpolicy
{
"Resources": {
"policycloudtraillogs": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "cloudtraillogs"
},
"PolicyDocument": {
"Statement": [
{
"Sid": "AWSCloudTrailAclCheck20160224",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "cloudtraillogs"
},
"/*"
]
]
},
{
"Sid": "AWSCloudTrailWrite20160224",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "cloudtraillogs"
},
"/AWSLogs/myAccountID/*"
]
]
},
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}
}
}
}
}
您的模板似乎不是有效的JSON。您的第一个策略语句(AWSCloudTrailAclCheck20160224
)缺少其Resource
对象的关闭括号}
。