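How to resolve the Lambda error when trying to delete a parameter
I used this article to create the stack.
But I got an error:
User: arn:aws:sts::xxx:assumed-role/删除当前删除后删除CFNLambda执行-T1WHQG2UTLWM/删除CFNLambda删除当前 is not authorized to perform: ssm:DeleteParameter on resource: arn:aws:ssm:us-east-1:xxx:parameter/CFN-DemoParameter-plOl5Hg4QuI5 (Service: AmazonSSM; Status Code: 400; Error Code: AccessDeniedException;
The template can be viewed here...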
https://datameetgeobk.s3.amazonaws.com/cftemplates/delete_after_5m.template
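Any suggestions to correct the error would be appreciated.
Solution
The error indicates that your Lambda execution role does not have permission to perform ssm:DeleteParameter. So you can add the missing permission to the Lambda role: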
    Resources:
      DeleteCFNLambdaExecutionRole:
        Type: "AWS::IAM::Role"
        Properties:
          AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Principal:
                  Service: ["lambda.amazonaws.com"]
                Action: "sts:AssumeRole"
          Path: "/"
          Policies:
            - PolicyName: "lambda_policy"
              PolicyDocument:
                Version: "2012-10-17"
                Statement:
                  - Effect: "Allow"
                    Action:
                      - "logs:CreateLogGroup"
                      - "logs:CreateLogStream"
                      - "logs:PutLogEvents"
                    Resource: "arn:aws:logs:*:*:*"
                  - Effect: "Allow"
                    Action:
                      - "cloudformation:DeleteStack"
                    Resource: !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${StackName}/*"
                  - Effect: "Allow"
                    Action:
                      - "ssm:DeleteParameter"
                    Resource: "*"
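
The last statement above allows `ssm:DeleteParameter` on every parameter in the account. A narrower form of that one statement, added here as an example and not part of the original answer; it assumes the stack's parameter keeps the generated `CFN-DemoParameter-` name prefix shown in the error message:

```yaml
# Added example: drop-in replacement for the final statement of "lambda_policy"
# (indent it to match the other entries under PolicyDocument.Statement).
# Assumption: the parameter name starts with "CFN-DemoParameter-", as in the
# AccessDeniedException above; change the pattern if the template sets an
# explicit Name on the parameter.
- Effect: "Allow"
  Action:
    - "ssm:DeleteParameter"
  # Before: Resource: "*"   (any SSM parameter the account owns)
  # After: only this stack's generated parameter, in the stack's own region.
  Resource: !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/CFN-DemoParameter-*"
```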