我正在关注本教程:
https://docs.aws.amazon.com/amazonecs/latest/developerguide/ecs-cli-tutorial-fargate.html
策略的JSON如图所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
但是当我运行时:
aws iam --region us-west-2 create-role --role-name ecsTaskExecutionRole --assume-role-policy-document task-execution-assume-role.json
我得到:
在调用该错误时发生错误 Createrole操作:此政策包含无效的JSON
我知道filepath是正确的,因为如果错了,我会遇到不同的错误。起初,我认为这是"无效的JSON",因为" SID"是一个空字符串,我删除了该属性并遇到了相同的错误。
有人知道这里怎么了吗?
您需要将assume-role-policy-document
指定为file://task-execution-assume-role.json
。
从您链接的文档中
aws iam-Region US-West-2 Create-lole--lole-name ecstaskexecutionRole -Assume-lole-Policy-Policy-document File://task-execution-absume-Ambume-role.json
由于缺少file://
...
aws iam --region us-west-2 create-role
--role-name ecsTaskExecutionRole
--assume-role-policy-document task-execution-assume-role.json
An error occurred (MalformedPolicyDocument) when calling the CreateRole operation: This policy contains invalid Json
随着添加的 file://
,创建通过
aws iam --region us-west-2 create-role
--role-name ecsTaskExecutionRole
--assume-role-policy-document file://task-execution-assume-role.json
{
"Role": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
}
}
]
},
"RoleId": "AROA2ZHAP3GUV5UTOV5ZF",
"CreateDate": "2019-07-31T23:15:04Z",
"RoleName": "ecsTaskExecutionRole",
"Path": "/",
"Arn": "arn:aws:iam::*******:role/ecsTaskExecutionRole"
}
}
如果在同一文件夹中具有文件,则可以执行如下。
aws iam create-role --role-name TestRole --assume-role-policy-document file://./IAM_Trust_Policy.json --profile XXX-XXX
此处文件 iam_trust_policy.json 位于同一文件夹中,被称为 file://./iam_trust_policy.json
是的,这不是清楚地记录的 - 您需要在file://
TAG之后提供JSON的文件路径
例如file:///Users/user/Desktop/trust-policy.json
{&quot" id":'polity'polition1650533705078&quot ,,"版本":" 2012-10-17"&quot"陈述&quot&quot&quot [[{&quot" sid":; quot'stmt1650533484709&quot"行动&quot":[&quot s3:getObject;],,"效果":"允许"&quot"资源&quot":" aws:s3 ::: mys3staticwebstiehosting/&quort;"校长":" "}这是给出的}