如何解决Cfn-Lint:属性“ExecutionRoleArn”在 Resources/TaskDefinition/Properties/ExecutionRoleArn/Ref
我正在构建一个 cloudformation 模板来在 AWS 上运行 ECS 集群和 ECS 任务。
我还使用带有插件 Cfn-Lint 的 Atom 文本编辑器。
我在 Atom 文本编辑器中的 cfn linter 验证中遇到以下问题,如图所示。
Resources:
# A role needed by ECS
ExecutionRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Join ['',[!Ref ServiceName,ExecutionRole]]
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [ecs-tasks.amazonaws.com]
Action: ['sts:AssumeRole']
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
TaskDeFinition:
Type: AWS::ECS::TaskDeFinition
# Makes sure the log group is created before it is used.
Properties:
# Name of the task deFinition. Subsequent versions of the task deFinition are grouped together under this name.
Family: !Join ['',TaskDeFinition]]
# awsvpc is required for Fargate
NetworkMode: awsvpc
RequiresCompatibilities:
- FARGATE
# 256 (.25 vcpu) - Available memory values: 0.5GB,1GB,2GB
# 512 (.5 vcpu) - Available memory values: 1GB,2GB,3GB,4GB
# 1024 (1 vcpu) - Available memory values: 2GB,4GB,5GB,6GB,7GB,8GB
# 2048 (2 vcpu) - Available memory values: Between 4GB and 16GB in 1GB increments
# 4096 (4 vcpu) - Available memory values: Between 8GB and 30GB in 1GB increments
cpu: "2048"
# 0.5GB,2GB - Available cpu values: 256 (.25 vcpu)
# 1GB,4GB - Available cpu values: 512 (.5 vcpu)
# 2GB,8GB - Available cpu values: 1024 (1 vcpu)
# Between 4GB and 16GB in 1GB increments - Available cpu values: 2048 (2 vcpu)
# Between 8GB and 30GB in 1GB increments - Available cpu values: 4096 (4 vcpu)
Memory: 8GB
# A role needed by ECS.
# "The ARN of the task execution role that containers in this task can assume. All containers in this task are granted the permissions that are specified in this role."
# "There is an optional task execution IAM role that you can specify with Fargate to allow your Fargate tasks to make API calls to Amazon ECR."
ExecutionRoleArn: !Ref ExecutionRole
最后一行代码 ExecutionRoleArn: !Ref ExecutionRole
给出了 Cfn-Lint Atom 插件中的错误。
尽管模板成功运行并创建了部署。
解决方法
要获得 Arn
,您必须使用 GetAtt 内在函数:
ExecutionRoleArn: !GetAtt ExecutionRole.Arn
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。