如何解决如何解决更新 AWS SSO 分配的错误
我将 SessionDuration 属性添加到 AWS::SSO::PermissionSet 并运行了 CloudFormation 堆栈更新。我在 CloudFormation 控制台的 Events 部分从 CloudFormation 得到的错误:
The following resource(s) Failed to update: [AssignmentGeneral].
Unable to retrieve PermissionSetArn attribute for AWS::SSO::PermissionSet,with error message READ and LIST handlers must return synchronously.
这是模板:
AWstemplateFormatVersion: '2010-09-09'
Parameters:
InstanceArn:
Type: String
Default: arn:aws:sso:::instance/ssoins-1234abcdefg1234
SessionDuration:
Type: String
# PT12H = 12 hours in the ISO-8601 standard
Default: PT12H
Resources:
AssignmentGeneral:
Type: AWS::SSO::Assignment
Properties:
InstanceArn: !Ref InstanceArn
PermissionSetArn: !GetAtt PermissionSetAdmin.PermissionSetArn
PrincipalId: 123456789-1afefjil1-12345678-abcdefg-1234
PrincipalType: GROUP
TargetId: '1234567891'
targettype: AWS_ACCOUNT
PermissionSetAdmin:
Type: AWS::SSO::PermissionSet
Properties:
InstanceArn: !Ref InstanceArn
ManagedPolicies:
- arn:aws:iam::aws:policy/AdministratorAccess
Name: admin
SessionDuration: !Ref SessionDuration
我检查了 PermissionSetArn 的文档并得到:
PermissionSetArn
The ARN of the permission set.
required: Yes
Type: String
Minimum: 10
Maximum: 1224
Pattern: arn:aws:sso:::permissionSet/(sso)?ins-[a-zA-Z0-9-.]{16}/ps-[a-zA-Z0-9-./]{16}
Update requires: Replacement
来源:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sso-assignment.html
编辑:我也尝试将 !GetAtt PermissionSetAdmin.PermissionSetArn 替换为
!GetAtt PermissionSetAdmin.Arn 但后来得到了 Requested attribute Arn does not exist in schema for AWS::SSO::PermissionSet。
编辑:我联系了 AWS 支持,内部团队正在修复 API 的逻辑,以使其正常工作,我应该注意https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-sso/issues/8
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
