AmazonRDSEnhancedMonitoringRole的Cloudformation模板 [英] Cloudformation template for AmazonRDSEnhancedMonitoringRole
问题描述
我正在尝试通过Cloudformation模板启动RDS堆栈。我想在数据库实例上启用增强监控。为此,必须在资源上指定 MonitoringRoleArn
属性。
I am attempting to spin up an RDS stack via a Cloudformation template. I would like to enable Enhanced Monitoring on my DB instances. In order to do that, the MonitoringRoleArn
property must be specified on the resource.
据我了解,此ARN应该指向已授予 AmazonRDSEnhancedMonitoringRole
策略的IAM服务角色,如此处所述:
As I understand it, this ARN should point to an IAM Service Role that has been given the AmazonRDSEnhancedMonitoringRole
policy, as described here:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html
我最好也可以通过Cloudformation创建该角色。但是,对我而言,我无法在Cloudformation模板中找到如何执行此操作的示例。事实证明,Cloudformer工具不会分析IAM资源。
I would ideally like to also create that role via Cloudformation. For the life of me, however, I can not find an example of how to do this in a Cloudformation template. And it turns out that the Cloudformer tool does not analyze IAM resources.
有人这样做吗?可以分享一个例子吗?
Has anyone done this? Can you share an example?
推荐答案
在YAML中:
Role:
Type: 'AWS::IAM::Role'
Properties:
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole'
AssumeRolePolicyDocument:
Version: '2008-10-17'
Statement:
- Effect: Allow
Principal:
Service: 'rds.amazonaws.com'
Action: 'sts:AssumeRole'
然后您需要像这样在RDS实例的MonitoringRoleArn属性中引用角色:
You then need to reference the role in your RDS instance's MonitoringRoleArn property like this:
!GetAtt ["Role", "Arn"]
如果您需要JSON中的示例,请告诉我。
If you need the example in JSON let me know.
这篇关于AmazonRDSEnhancedMonitoringRole的Cloudformation模板的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!