AWS create role - Has prohibited field


Problem description

I am trying out a simple example suggested by the AWS documentation to create a role using a policy JSON file (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html) and I get the error:

A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource

Here is the command:

>> aws iam create-role --role-name test-service-role --assume-role-policy-document file:///home/ec2-user/policy.json
A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource

The policy is exactly the same as the one mentioned in the example:

>> cat policy.json 
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example_bucket"
  }
}

My version seems to be the latest:

>> aws --version
aws-cli/1.9.9 Python/2.7.10 Linux/4.1.10-17.31.amzn1.x86_64 botocore/1.3.9

Recommended answer

The policy document should be something like:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}

This is called a trust relationship policy document. This is different from a policy document. Whatever you have pasted is for the policy attached to a role, which is done using attach-role-policy.

Even the above role document is given in the link you have pasted. This should work. I have worked on roles and policies and I can say this with certainty.

Even in the AWS console, for roles you can see that there is a separate tab for the trust relationship. Also, you have currently attached policies in the permissions tab.
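The distinction the answer draws, a trust policy (who may call sts:AssumeRole on the role) versus a permissions policy (what the role may do, and on which Resource), is easy to check before ever calling the API. The following is an added example written for this page, not code from the question, the answer or AWS: a small pre-flight validator that classifies a policy document for the intended use and reports exactly the kind of problem the CLI surfaced ("Has prohibited field Resource"). The allowed-field sets and the two sample documents (copied from the question and the answer) are constructed for the illustration.

```python
"""Pre-flight checks for the two IAM documents a role needs.

Added example for this page; not the questioner's or AWS's code.
"""
import json

# Statement fields IAM accepts in a trust (assume-role) policy versus an
# identity-based permissions policy. Constructed for this illustration
# from the IAM statement grammar: trust policies must not carry
# Resource/NotResource, permissions policies attached to a role must not
# carry Principal/NotPrincipal.
TRUST_ALLOWED = {"Sid", "Effect", "Principal", "NotPrincipal",
                 "Action", "NotAction", "Condition"}
PERMISSION_ALLOWED = {"Sid", "Effect", "Action", "NotAction",
                      "Resource", "NotResource", "Condition"}


def _statements(doc):
    """IAM lets 'Statement' be a single object or a list; normalise to a list."""
    stmt = doc.get("Statement")
    if stmt is None:
        return []
    return stmt if isinstance(stmt, list) else [stmt]


def check_policy(doc, kind):
    """Return a list of problems for `doc` interpreted as `kind`
    ('trust' or 'permissions'). An empty list means the document is
    structurally acceptable for that use."""
    allowed = TRUST_ALLOWED if kind == "trust" else PERMISSION_ALLOWED
    problems = []
    if doc.get("Version") != "2012-10-17":
        problems.append("Version should be 2012-10-17")
    statements = _statements(doc)
    if not statements:
        problems.append("Statement is missing or empty")
    for i, st in enumerate(statements):
        # Same wording the CreateRole error used, so the cause is obvious.
        for field in st:
            if field not in allowed:
                problems.append(f"statement {i}: Has prohibited field {field}")
        if kind == "trust":
            if "Principal" not in st and "NotPrincipal" not in st:
                problems.append(f"statement {i}: trust policy needs a Principal")
            actions = st.get("Action", [])
            actions = actions if isinstance(actions, list) else [actions]
            if not all(a.startswith("sts:AssumeRole") for a in actions):
                problems.append(f"statement {i}: trust policy Action should be sts:AssumeRole*")
        else:
            if "Resource" not in st and "NotResource" not in st:
                problems.append(f"statement {i}: permissions policy needs a Resource")
    return problems


# The questioner's policy.json: a permissions policy, wrong for --assume-role-policy-document.
PERMISSIONS_DOC = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example_bucket"
  }
}
""")

# The answer's trust relationship document: what create-role actually expects.
TRUST_DOC = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}
""")


if __name__ == "__main__":
    for name, doc in (("policy.json", PERMISSIONS_DOC), ("trust.json", TRUST_DOC)):
        for kind in ("trust", "permissions"):
            probs = check_policy(doc, kind)
            print(f"{name} as {kind}: {'OK' if not probs else '; '.join(probs)}")
```

Run against the page's own policy.json, the validator reports the prohibited Resource field, the missing Principal and the non-AssumeRole Action when the file is treated as a trust policy, and accepts it as a permissions policy. The operational order the answer describes is then: pass the document that validates as `trust` to `aws iam create-role --assume-role-policy-document`, and attach the one that validates as `permissions` afterwards with `aws iam put-role-policy` (inline) or `aws iam attach-role-policy` (managed policy ARN).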
