Problem description
This is part of the code of my template.yml in Cloud9:
Type: 'AWS::Serverless::Function'
Properties:
  Handler: index.handler
  Runtime: nodejs6.10
  CodeUri: .
  Description: Updates records in the AppConfig table.
  MemorySize: 128
  Timeout: 3
  Role: 'arn:aws:iam::579913947261:role/FnRole'
  Events:
    Api1:
      Type: Api
      Properties:
When I commit the changes in Cloud9, deployment fails at the CodePipeline Deploy stage while trying ExecuteChangeSet. I get this error:
Can anyone help?
Recommended answer
From this log you can tell what policy (iam:PassRole) needs to be assigned to the CloudFormation role for your stack (CodeStarWorker-AppConfig-CloudFormation).
You should:
- Go to IAM > Roles
- Type in search: CodeStarWorker-AppConfig-CloudFormation
- Open that role and go to Permissions
- Find CodeStarWorkerCloudFormationRolePolicy, expand it, and go to Edit policy
- In the following section, under resources, add the ARN of your role (arn:aws:iam::579913947261:role/FnRole); if you don't have that section, just copy and paste this, but under Resources use your ARNs.
Policy:
{
    "Action": [
        "iam:PassRole"
    ],
    "Resource": [
        "arn:aws:iam::156478935478:role/CodeStarWorker-AppConfig-Lambda",
        "arn:aws:iam::579913947261:role/FnRole"
    ],
    "Effect": "Allow"
}
If you want to assign that permission to all resources ("Resource": "*"), find the following section and, above it under actions, add the permission you want to assign:
    "Resource": "*",
    "Effect": "Allow"
You can apply this to all other permissions you want to assign to CloudFormation for your resources.
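Added example (not part of the original answer): a Python check that takes policy statements shaped like the one above and reports whether they let the CloudFormation role pass a given role, and which matching Resource entries are wildcards. The function names and the "before" and wildcard statements are constructed for illustration; Deny statements, NotAction/NotResource and Condition blocks are not evaluated.

```python
import re

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def _glob(pattern, value, ignore_case=False):
    """IAM wildcards: '*' is any run of characters, '?' is exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def passrole_findings(statements, role_arn):
    """Return (allowed, broad): whether Allow statements grant iam:PassRole on
    role_arn, and the Resource patterns that grant it through a wildcard.
    Simplification (assumption): only Effect/Action/Resource are evaluated."""
    allowed, broad = False, []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        # Action names are case-insensitive; ARNs are matched case-sensitively.
        if not any(_glob(a, "iam:PassRole", True) for a in actions):
            continue
        for res in _as_list(st.get("Resource", [])):
            if _glob(res, role_arn):
                allowed = True
                if "*" in res or "?" in res:
                    broad.append(res)
    return allowed, broad

# ARNs as they appear on this page.
FN_ROLE = "arn:aws:iam::579913947261:role/FnRole"
LAMBDA_ROLE = "arn:aws:iam::156478935478:role/CodeStarWorker-AppConfig-Lambda"

# Constructed statements: before the fix, after the fix, and the wildcard variant.
BEFORE = [{"Action": ["iam:PassRole"], "Resource": [LAMBDA_ROLE], "Effect": "Allow"}]
AFTER = [{"Action": ["iam:PassRole"], "Resource": [LAMBDA_ROLE, FN_ROLE], "Effect": "Allow"}]
WILDCARD = [{"Action": ["iam:PassRole"], "Resource": "*", "Effect": "Allow"}]

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER), ("wildcard", WILDCARD)):
        print(name, passrole_findings(doc, FN_ROLE))
```

A non-empty second element means the role can be passed only because of a wildcard, so the same statement also covers every other role that pattern matches.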