创建 S3 存储桶策略时出错 - 属性 PolicyDocument 的值必须是一个对象
Error when creating S3 bucket policy - Value of property PolicyDocument must be an object
我正在尝试通过无服务器应用程序创建 cloudTrail。
CloudTrail:
Type: AWS::CloudTrail::Trail
Properties:
# CloudWatchLogsLogGroupArn: "String"
# CloudWatchLogsRoleArn: "String"
# EnableLogFileValidation: True
# EventSelectors:
# - EventSelector
# IncludeGlobalServiceEvents: True
IsLogging: True
# IsMultiRegionTrail: True
# KMSKeyId: String
S3BucketName: {"Ref" : "CloudTrailBucket"}
# S3KeyPrefix: String
# SnsTopicName: String
# Tags:
# - Tag
# TrailName: String
首先我尝试单独创建 cloudTrail 并得到以下错误
CloudTrail - Incorrect S3 bucket policy is detected for bucket: ....
然后我添加了这段代码来创建一个策略
CloudTrailBucketPolicy:
# Version : 2012-10-17,
Type: AWS::S3::BucketPolicy
Properties:
PolicyDocument:
- Action:
- "s3:GetBucketAcl"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::CloudTrailBucket"] ] }
Principal: "*"
- Action:
- "s3:PutObject"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::CloudTrailBucket", "/*" ] ] }
Principal:
Service: cloudtrail.amazonaws.com
但是出现这个错误。
An error occurred: CloudTrailBucketPolicy - Value of property PolicyDocument must be an object.
你忘记了Statement:
CloudTrailBucketPolicy:
# Version : 2012-10-17,
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref CloudTrailBucket
PolicyDocument:
Statement:
- Action:
- "s3:GetBucketAcl"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::", !Ref CloudTrailBucket] ] }
Principal: "*"
- Action:
- "s3:PutObject"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::", !Ref CloudTrailBucket, "/*" ] ] }
Principal:
Service: cloudtrail.amazonaws.com
我正在尝试通过无服务器应用程序创建 cloudTrail。
CloudTrail:
Type: AWS::CloudTrail::Trail
Properties:
# CloudWatchLogsLogGroupArn: "String"
# CloudWatchLogsRoleArn: "String"
# EnableLogFileValidation: True
# EventSelectors:
# - EventSelector
# IncludeGlobalServiceEvents: True
IsLogging: True
# IsMultiRegionTrail: True
# KMSKeyId: String
S3BucketName: {"Ref" : "CloudTrailBucket"}
# S3KeyPrefix: String
# SnsTopicName: String
# Tags:
# - Tag
# TrailName: String
首先我尝试单独创建 cloudTrail 并得到以下错误
CloudTrail - Incorrect S3 bucket policy is detected for bucket: ....
然后我添加了这段代码来创建一个策略
CloudTrailBucketPolicy:
# Version : 2012-10-17,
Type: AWS::S3::BucketPolicy
Properties:
PolicyDocument:
- Action:
- "s3:GetBucketAcl"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::CloudTrailBucket"] ] }
Principal: "*"
- Action:
- "s3:PutObject"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::CloudTrailBucket", "/*" ] ] }
Principal:
Service: cloudtrail.amazonaws.com
但是出现这个错误。
An error occurred: CloudTrailBucketPolicy - Value of property PolicyDocument must be an object.
你忘记了Statement:
CloudTrailBucketPolicy:
# Version : 2012-10-17,
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref CloudTrailBucket
PolicyDocument:
Statement:
- Action:
- "s3:GetBucketAcl"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::", !Ref CloudTrailBucket] ] }
Principal: "*"
- Action:
- "s3:PutObject"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::", !Ref CloudTrailBucket, "/*" ] ] }
Principal:
Service: cloudtrail.amazonaws.com