How do I resolve "Insufficient privileges for IAM PassRole Action" when creating a BeanStalk application with CloudFormation?
When I try to create an Elastic Beanstalk application with CloudFormation, resource creation fails:
Insufficient privileges for IAM PassRole Action. (Service: AWSElasticBeanstalk; Status Code: 403; Error Code: InsufficientPrivilegesException; Request ID: [...]; Proxy: null)
How can I fix this?
CloudFormation template:
BeanStalkServiceRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: 2012-10-17
      Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service: elasticbeanstalk.amazonaws.com
          Condition:
            StringEquals:
              'sts:ExternalId': elasticbeanstalk
    ManagedPolicyArns:
      - arn:aws:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
      - arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth
BeanStalkApplication:
  Type: AWS::ElasticBeanstalk::Application
  Properties:
    Description: Java Backend
    ResourceLifecycleConfig:
      ServiceRole: !Ref BeanStalkServiceRole
      VersionLifecycleConfig:
        MaxAgeRule:
          DeleteSourceFromS3: true
          Enabled: true
          MaxAgeInDays: 30
Solution
The ServiceRole property must point to the role ARN, i.e. !GetAtt BeanStalkServiceRole.Arn rather than !Ref BeanStalkServiceRole:
BeanStalkApplication:
  Type: AWS::ElasticBeanstalk::Application
  Properties:
    Description: Java Backend
    ResourceLifecycleConfig:
      ServiceRole: !GetAtt BeanStalkServiceRole.Arn
      VersionLifecycleConfig:
        MaxAgeRule:
          DeleteSourceFromS3: true
          Enabled: true
          MaxAgeInDays: 30
Thanks to https://github.com/hashicorp/terraform-provider-aws/issues/17576
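A pre-deployment check for the mistake described above, as an added example that is not part of the original question or answer: on AWS::IAM::Role, Ref returns the role name while Fn::GetAtt with Arn returns the ARN, so the script flags a Ref to a role in a property that expects an ARN. It assumes the template is in CloudFormation's JSON syntax (the standard library cannot parse YAML short-form tags such as !Ref); find_role_name_refs, ARN_PROPERTIES and SAMPLE_TEMPLATE are hypothetical names, and the sample template is constructed from the question's resources.

```python
import json

# Properties that expect a role ARN. Only the pair from this page is listed;
# extend the set for other resource types after checking their documentation.
ARN_PROPERTIES = {("AWS::ElasticBeanstalk::Application", "ServiceRole")}

# Constructed sample: the question's resources in CloudFormation JSON syntax.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "BeanStalkServiceRole": {"Type": "AWS::IAM::Role", "Properties": {}},
        "BeanStalkApplication": {
            "Type": "AWS::ElasticBeanstalk::Application",
            "Properties": {
                "Description": "Java Backend",
                "ResourceLifecycleConfig": {
                    "ServiceRole": {"Ref": "BeanStalkServiceRole"},
                },
            },
        },
    }
})


def find_role_name_refs(template_text):
    """Return (resource, property path, suggested value) for each misuse."""
    resources = json.loads(template_text).get("Resources", {})
    roles = {n for n, r in resources.items() if r.get("Type") == "AWS::IAM::Role"}
    findings = []

    def walk(node, res_name, res_type, path):
        if isinstance(node, dict):
            for key, value in node.items():
                here = path + [key]
                # A bare {"Ref": "<logical id>"} resolves to the role *name*.
                ref = value.get("Ref") if isinstance(value, dict) and len(value) == 1 else None
                if (res_type, key) in ARN_PROPERTIES and isinstance(ref, str) and ref in roles:
                    findings.append((res_name, ".".join(here), {"Fn::GetAtt": [ref, "Arn"]}))
                walk(value, res_name, res_type, here)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, res_name, res_type, path + [str(i)])

    for name, res in resources.items():
        walk(res.get("Properties", {}), name, res.get("Type"), [])
    return findings


if __name__ == "__main__":
    for finding in find_role_name_refs(SAMPLE_TEMPLATE):
        print(finding)
```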