简单 StackPolicy 在 CloudFormation 上总是无效
Simple StackPolicy always invalid on CloudFormation
我一直在尝试上传以下堆栈策略:
{
"StackPolicy" : {
"Statement" : [
{
"Effect" : "Allow",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "*"
},
{
"Effect" : "Deny",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "LogicalResourceId/ReleaseDeploy"
}
]
}
}
但是我收到了
我也将其简化为仅对所有 Resources 产生 Allow 效果并删除了所有空格,但仍然出现错误。我究竟做错了什么?
{"StackPolicy":{"Statement":[{"Effect":"Allow", "Action":"Update:*", "Principal":"*", "Resource":"*"}]}}
查看提供的示例 here 看起来 StackPolicy 键不应该存在,您的 JS 对象中似乎有 1 个多余级别。另请查看并检查提供 Version 属性是否有所不同。
政策的示例:
{
"Version":"2012-10-17",
"Statement":[{
"Effect":"Allow",
"Action":[
"cloudformation:*"
],
"Resource":"*"
},
{
"Effect":"Deny",
"Action":[
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Resource":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/*"
}]
}
我一直在尝试上传以下堆栈策略:
{
"StackPolicy" : {
"Statement" : [
{
"Effect" : "Allow",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "*"
},
{
"Effect" : "Deny",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "LogicalResourceId/ReleaseDeploy"
}
]
}
}
但是我收到了
我也将其简化为仅对所有 Resources 产生 Allow 效果并删除了所有空格,但仍然出现错误。我究竟做错了什么?
{"StackPolicy":{"Statement":[{"Effect":"Allow", "Action":"Update:*", "Principal":"*", "Resource":"*"}]}}
查看提供的示例 here 看起来 StackPolicy 键不应该存在,您的 JS 对象中似乎有 1 个多余级别。另请查看并检查提供 Version 属性是否有所不同。
政策的示例:
{
"Version":"2012-10-17",
"Statement":[{
"Effect":"Allow",
"Action":[
"cloudformation:*"
],
"Resource":"*"
},
{
"Effect":"Deny",
"Action":[
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Resource":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyProductionStack/*"
}]
}