Getting Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument while creating a CloudFormation stack


Question

I am trying to create a CloudFormation template for ECR and ELB; I pushed my image to ECR separately. In Dockerrun.json, I referred to my image like this: "image": ".dkr.ecr.ap-south-1.amazonaws.com/*:latest". So I need to provide IAM permissions for both ELB and ECR. But there is some issue with the IAM part in this template. I get this error while creating the stack. Are any fixes required?

Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 8b9b3f05-51c9-41e1-b008-c59aa319c086; Proxy: null)

Resources:
  sampleApplication:
    Type: AWS::ElasticBeanstalk::Application
    Properties:
      Description: AWS Elastic Beanstalk Sample Application
  sampleApplicationVersion:
    Type: AWS::ElasticBeanstalk::ApplicationVersion
    Properties:
      ApplicationName:
        Ref: sampleApplication
      Description: AWS ElasticBeanstalk Sample Application Version
      SourceBundle:
        S3Bucket: !Sub "elasticbeanstalk-ap-south-1-182107200133"
        S3Key: TravelTouch/Dockerrun.aws.json
  MyRepository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: "182107200133.dkr.ecr.ap-south-1.amazonaws.com/socialbox"
  sampleConfigurationTemplate:
    Type: AWS::ElasticBeanstalk::ConfigurationTemplate
    Properties:
      ApplicationName:
        Ref: sampleApplication
      Description: AWS ElasticBeanstalk Sample Configuration Template
      OptionSettings:
        - Namespace: aws:autoscaling:asg
          OptionName: MinSize
          Value: '2'
        - Namespace: aws:autoscaling:asg
          OptionName: MaxSize
          Value: '6'
        - Namespace: aws:elasticbeanstalk:environment
          OptionName: EnvironmentType
          Value: LoadBalanced
        - Namespace: aws:autoscaling:launchconfiguration
          OptionName: IamInstanceProfile
          Value: !Ref MyInstanceProfile
      SolutionStackName: 64bit Amazon Linux 2018.03 v2.26.0 running Multi-container Docker 19.03.13-ce (Generic)

  sampleEnvironment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      ApplicationName:
        Ref: sampleApplication
      Description: AWS ElasticBeanstalk Sample Environment
      TemplateName:
        Ref: sampleConfigurationTemplate
      VersionLabel:
        Ref: sampleApplicationVersion

  MyInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      Description: Beanstalk EC2 role
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker
        - arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier
      Policies:
        - PolicyName: AllowGetAuthorizationToken
          PolicyDocument: |
            {
              "Version": "2012-10-17",
              "Statement": [
                  {
                      "Sid": "ECSAccess",
                      "Effect": "Allow",
                      "Action": [
                          "ecr:GetAuthorizationToken",
                      ],
                      "Resource": "*"
                  }
              ]
            }  

  MyInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref MyInstanceRole

Recommended answer

There is a comma (,) in the wrong place. Instead of:

"ecr:GetAuthorizationToken",

it should be (without the comma):

"ecr:GetAuthorizationToken"
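As an added example, not part of the question or the answer above: a small pre-deploy lint, written in Python with only the standard library, that reproduces IAM's first complaint locally. IAM parses a PolicyDocument with a strict JSON parser, so the trailing comma after the only Action element is rejected as a syntax error before any permission semantics are examined, which is exactly what the MalformedPolicyDocument error in the question reports. The two policy strings are constructed here (the inline policy as posted, and the same text with the comma removed); the structural checks and the wildcard-action check are my own approximation of what IAM requires, not IAM's published validation rules.

```python
import json
import re
from typing import Any, List

# Constructed for this example: the inline PolicyDocument exactly as it appears
# in the question's template (note the trailing comma after the only Action),
# and the same document with the comma removed, as the answer suggests.
BROKEN_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Sid": "ECSAccess",
          "Effect": "Allow",
          "Action": [
              "ecr:GetAuthorizationToken",
          ],
          "Resource": "*"
      }
  ]
}"""

FIXED_POLICY = BROKEN_POLICY.replace(
    '"ecr:GetAuthorizationToken",', '"ecr:GetAuthorizationToken"'
)

# An IAM action is "service:Operation" (wildcards allowed in the operation
# part) or a bare "*".
ACTION_RE = re.compile(r"\*|[A-Za-z0-9-]+:[A-Za-z0-9*]+")


def _as_list(value: Any) -> List[Any]:
    """IAM accepts either a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy_document(doc: str) -> List[str]:
    """Return the problems found in an IAM policy document string.

    An empty list means the document is well-formed JSON with the structure
    IAM expects. JSON syntax is checked first: like IAM, we stop there if the
    document does not parse, because nothing else can be evaluated.
    """
    problems: List[str] = []
    try:
        policy = json.loads(doc)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]

    if not isinstance(policy, dict):
        return ["policy document must be a JSON object"]
    if policy.get("Version") != "2012-10-17":
        problems.append('Version should be "2012-10-17" (older versions do not support policy variables)')

    statements = _as_list(policy.get("Statement"))
    if not statements:
        problems.append("Statement is missing or empty")
    for i, stmt in enumerate(statements):
        where = f"statement {i}"
        if not isinstance(stmt, dict):
            problems.append(f"{where}: must be a JSON object")
            continue
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{where}: Effect must be Allow or Deny")
        if "Action" not in stmt and "NotAction" not in stmt:
            problems.append(f"{where}: Action or NotAction is required")
        if "Resource" not in stmt and "NotResource" not in stmt:
            problems.append(f"{where}: Resource or NotResource is required")
        actions = _as_list(stmt.get("Action"))
        for action in actions:
            if not isinstance(action, str) or not ACTION_RE.fullmatch(action):
                problems.append(f"{where}: action {action!r} is not of the form service:Operation")
        # Least-privilege check: Allow + wildcard operation + Resource "*"
        # grants a whole service (or everything). A specific action such as
        # ecr:GetAuthorizationToken on "*" is deliberately not flagged: that
        # action has no resource-level permissions, so "*" is the only valid
        # Resource for it.
        resources = _as_list(stmt.get("Resource"))
        wildcard_action = any(
            isinstance(a, str) and (a == "*" or a.endswith(":*")) for a in actions
        )
        if stmt.get("Effect") == "Allow" and wildcard_action and "*" in resources:
            problems.append(f'{where}: Allow with a wildcard action on Resource "*" grants broad access')
    return problems


if __name__ == "__main__":
    for name, doc in (("as posted", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        issues = lint_policy_document(doc)
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
```

Run this against the string you put under PolicyDocument before calling create-stack. CloudFormation treats the | block scalar as an opaque string and hands it to IAM unchanged, so the trailing comma is not caught until IAM rejects the role at stack creation time; linting the JSON locally turns that late, stack-rolling-back failure into an immediate error message with a line and column.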
