AWS创建角色-已禁止字段 [英] AWS create role - Has prohibited field

问题描述

我正在尝试一个AWS文档建议的简单示例，以使用策略json文件创建角色 http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html 而且我得到了错误

I am trying out a simple example suggested by AWS documentation to create a role using a policy json file http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html And I get the error

A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource

这是命令，

>> aws iam create-role --role-name test-service-role --assume-role-policy-document file:///home/ec2-user/policy.json
A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource

该政策与示例中提到的政策完全相同

The policy is the exact same as the one mentioned in the example

>> cat policy.json 
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example_bucket"
  }
}

我的版本似乎是最新的

>> aws --version
aws-cli/1.9.9 Python/2.7.10 Linux/4.1.10-17.31.amzn1.x86_64 botocore/1.3.9

推荐答案

策略文档应类似于:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}

这称为信任关系策略文档.这与政策文件不同.无论您粘贴的内容是针对使用附加角色政策

This is called a trust relationship policy document. This is different from a policy document. Whatever you have pasted is for the policy attached to a role which is done using attach role policy

即使您粘贴的链接中也提供了上述角色文档. 这应该工作.我已经制定了角色和政策，可以肯定地说.

Even the above role document is given in the link you have pasted. This should work. I have worked on roles and policies and I can say with certainty.

即使在AWS控制台中，对于角色，您也可以看到有一个单独的信任关系选项卡.另外，您当前在权限"标签中附加了策略.

Even in the AWS console, for roles you can see that there is a separate tab for trust relationship. Also you have currently attached policies in the permissions tab.

这篇关于AWS创建角色-已禁止字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！