AmazonRDSEnhancedMonitoringRole的Cloudformation模板 [英] Cloudformation template for AmazonRDSEnhancedMonitoringRole

问题描述

我正在尝试通过Cloudformation模板启动RDS堆栈。我想在数据库实例上启用增强监控。为此，必须在资源上指定 MonitoringRoleArn 属性。

I am attempting to spin up an RDS stack via a Cloudformation template. I would like to enable Enhanced Monitoring on my DB instances. In order to do that, the MonitoringRoleArn property must be specified on the resource.

据我了解，此ARN应该指向已授予 AmazonRDSEnhancedMonitoringRole 策略的IAM服务角色，如此处所述：

As I understand it, this ARN should point to an IAM Service Role that has been given the AmazonRDSEnhancedMonitoringRole policy, as described here:

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html

我最好也可以通过Cloudformation创建该角色。但是，对我而言，我无法在Cloudformation模板中找到如何执行此操作的示例。事实证明，Cloudformer工具不会分析IAM资源。

I would ideally like to also create that role via Cloudformation. For the life of me, however, I can not find an example of how to do this in a Cloudformation template. And it turns out that the Cloudformer tool does not analyze IAM resources.

有人这样做吗？可以分享一个例子吗？

Has anyone done this? Can you share an example?

推荐答案

在YAML中：

Role:
  Type: 'AWS::IAM::Role'
  Properties:
    ManagedPolicyArns:
    - 'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole'
    AssumeRolePolicyDocument:
      Version: '2008-10-17'
      Statement:
      - Effect: Allow
        Principal:
          Service: 'rds.amazonaws.com'
        Action: 'sts:AssumeRole'

然后您需要像这样在RDS实例的MonitoringRoleArn属性中引用角色：

You then need to reference the role in your RDS instance's MonitoringRoleArn property like this:

!GetAtt ["Role", "Arn"]

如果您需要JSON中的示例，请告诉我。

If you need the example in JSON let me know.

这篇关于AmazonRDSEnhancedMonitoringRole的Cloudformation模板的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！