AWS IAM Cloudformation YAML 模板错误:不允许 'null' 值
AWS IAM Cloudformation YAML template errror: 'null' values are not allowed
我正在为授予跨账户只读访问权限的 IAM 角色开发 Cloudformation 模板。它也使用托管策略进行只读访问。到目前为止,我已经解决了几个错误,但现在我在尝试验证模板时收到“模板中不允许使用 'null' 值”错误。我认为这是 space 或语法问题,但我不能确定,因为这是我第一次从头开始创建 cloudformation 模板并使用 YAML。
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructure-IntegrationsRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Effect: Allow
Principal:
AWS: 11111111
Action: sts:AssumeRole
Condition:
StringEquals:
sts:ExternalId: '11111'
Path: '/'
ManagedPolicyArns: arn:aws:iam::aws:policy/ReadOnlyAccess
RoleName: NewRelicInfrastructure-Integrations2
问题出在 AssumeRolePolicyDocument:。它是必需的,但您将其留空。您还有一个缩进问题,其中 Path、ManagedPolicyArns 和 RoleName 在 Resources 而不是 Properties.
之下
尝试:
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructure-IntegrationsRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Effect: Allow
Principal:
AWS: 11111111
Action: sts:AssumeRole
Condition:
StringEquals:
sts:ExternalId: '11111'
Path: '/'
ManagedPolicyArns: arn:aws:iam::aws:policy/ReadOnlyAccess
RoleName: NewRelicInfrastructure-Integrations2
缩进已修复,它在 AssumeRolePolicyDocument 中指定了某些内容,但 YAML 语法不正确,这有效:
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructureIntegrationsRole:
Type: AWS::IAM::Role
Properties:
Path: '/managed/'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/ReadOnlyAccess'
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
-
Action: sts:AssumeRole
Effect: Allow
Principal:
AWS: 1111111111111
Condition:
StringEquals:
sts:ExternalId: '11111'
RoleName: NewRelicInfrastructureIntegrationsRole
在线使用 YAML 解释器向您展示您可能在 yaml 文件中获得空值的位置。它们很难被发现,因为错误的缩进会导致空值 - yaml 解释器将在 json 中显示您获得该值的位置。
我正在为授予跨账户只读访问权限的 IAM 角色开发 Cloudformation 模板。它也使用托管策略进行只读访问。到目前为止,我已经解决了几个错误,但现在我在尝试验证模板时收到“模板中不允许使用 'null' 值”错误。我认为这是 space 或语法问题,但我不能确定,因为这是我第一次从头开始创建 cloudformation 模板并使用 YAML。
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructure-IntegrationsRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Effect: Allow
Principal:
AWS: 11111111
Action: sts:AssumeRole
Condition:
StringEquals:
sts:ExternalId: '11111'
Path: '/'
ManagedPolicyArns: arn:aws:iam::aws:policy/ReadOnlyAccess
RoleName: NewRelicInfrastructure-Integrations2
问题出在 AssumeRolePolicyDocument:。它是必需的,但您将其留空。您还有一个缩进问题,其中 Path、ManagedPolicyArns 和 RoleName 在 Resources 而不是 Properties.
尝试:
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructure-IntegrationsRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
Effect: Allow
Principal:
AWS: 11111111
Action: sts:AssumeRole
Condition:
StringEquals:
sts:ExternalId: '11111'
Path: '/'
ManagedPolicyArns: arn:aws:iam::aws:policy/ReadOnlyAccess
RoleName: NewRelicInfrastructure-Integrations2
缩进已修复,它在 AssumeRolePolicyDocument 中指定了某些内容,但 YAML 语法不正确,这有效:
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
NewRelicInfrastructureIntegrationsRole:
Type: AWS::IAM::Role
Properties:
Path: '/managed/'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/ReadOnlyAccess'
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
-
Action: sts:AssumeRole
Effect: Allow
Principal:
AWS: 1111111111111
Condition:
StringEquals:
sts:ExternalId: '11111'
RoleName: NewRelicInfrastructureIntegrationsRole
在线使用 YAML 解释器向您展示您可能在 yaml 文件中获得空值的位置。它们很难被发现,因为错误的缩进会导致空值 - yaml 解释器将在 json 中显示您获得该值的位置。