CloudFormation bucket policy


Problem description

I have this S3 Bucket and Policy that I am deploying to CloudFormation.

Resources:
  ReportsBucket:
    Type: AWS::S3::Bucket

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ReportsBucket
      PolicyDocument:
        Id: ReportPolicy
        Version: "2012-10-17"
        Statement:
          - Sid: ReportBucketPolicyDoc
            Effect: Allow
            Action: "s3:*"
            Principal:
              AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
            Resource: !Join ['', ['arn:aws:s3:::', !Ref S3Bucket, '/*']]

It fails with:

UPDATE_ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack  {my stack name} The following resource(s) failed to create: [BucketPolicy].
CREATE_FAILED   AWS::S3::BucketPolicy   BucketPolicy    Statement is missing required element

What's wrong with my policy?

Recommended answer

It has two problems:


  • Missing AWSTemplateFormatVersion on the first line (the required element)
  • Reference to S3Bucket that should be ReportsBucket

Updated version:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  ReportsBucket:
    Type: AWS::S3::Bucket

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ReportsBucket
      PolicyDocument:
        Id: ReportPolicy
        Version: "2012-10-17"
        Statement:
          - Sid: ReportBucketPolicyDoc
            Effect: Allow
            Action: "s3:*"
            Principal:
              AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
            Resource: !Join ['', ['arn:aws:s3:::', !Ref ReportsBucket, '/*']]
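
The second problem named in the answer, a `!Ref` to a logical ID the template never declares, can be caught before deployment. The following is an added example, not part of the original post: a standard-library Python check (the names `declared_ids` and `dangling_refs` are hypothetical) that assumes block-style YAML and the short-form `!Ref` tag only, run on a trimmed copy of the question's template.

```python
import re

# Pseudo parameters that CloudFormation predefines for every template.
PSEUDO = {"AWS::AccountId", "AWS::Region", "AWS::StackName", "AWS::StackId",
          "AWS::Partition", "AWS::URLSuffix", "AWS::NoValue", "AWS::NotificationARNs"}
REF = re.compile(r'!Ref\s+["\']?([A-Za-z0-9:]+)')   # short-form !Ref, optionally quoted
KEY = re.compile(r"^( *)([A-Za-z0-9]+):\s*$")       # a line that only opens a mapping

def declared_ids(template):
    """Logical IDs declared directly under Resources or Parameters."""
    ids, section, depth = set(), None, None
    for line in template.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                 # skip blank lines and comments
        m = KEY.match(line)
        if not line[0].isspace():                    # any top-level key starts a new section
            section, depth = (m.group(2) if m else None), None
        elif m and section in ("Resources", "Parameters"):
            depth = len(m.group(1)) if depth is None else depth
            if len(m.group(1)) == depth:             # only first-level children are logical IDs
                ids.add(m.group(2))
    return ids

def dangling_refs(template):
    """(line number, name) for every !Ref that matches no declaration or pseudo parameter."""
    known = declared_ids(template) | PSEUDO
    return [(n, name)
            for n, line in enumerate(template.splitlines(), 1)
            for name in REF.findall(line) if name not in known]

# The question's template, trimmed to the lines that carry references.
BROKEN = """\
Resources:
  ReportsBucket:
    Type: AWS::S3::Bucket
  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ReportsBucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
            Resource: !Join ['', ['arn:aws:s3:::', !Ref S3Bucket, '/*']]
"""
# The answer's correction applied to the same text.
FIXED = BROKEN.replace("!Ref S3Bucket", "!Ref ReportsBucket")
```

`dangling_refs(BROKEN)` reports the `Resource` line and the name `S3Bucket`; on `FIXED` it returns an empty list.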
