AWS Amplify SNSRole error when trying to do an amplify push
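My company has an Amplify project with 2 different environments (production, development), plus Cognito and some lambdas and APIs. Everything was working fine until I tried to run the amplify push command to update a lambda function.
This is the error from CloudFormation on the AWS dashboard: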
Invalid principal in policy: "SERVICE":"cognito-.amazonaws.com"
(Service: AmazonIdentityManagement; Status Code: 400; Error Code:
MalformedPolicyDocument; Request ID:
169462d5-58fb-40af-9c2d-69178442ecd6)
This is the error from the amplify push output:
UPDATE_FAILED SNSRole
AWS::IAM::Role Thu Jan 30 2020 13:46:08 GMT-0200 (Brasilia
Summer Time) Invalid principal in policy:
"SERVICE":"cognito-.amazonaws.com" (Service: AmazonIdentityManagement;
Status Code: 400; Error Code: MalformedPolicyDocument; Request ID:
56f492a2-c40e-4827-8c53-07cdf44bc780)
As you can see, the CloudFormation file for Cognito has an error, but the current SNSRole configuration is:
# BEGIN SNS ROLE RESOURCE
SNSRole:
# Created to allow the UserPool SMS Config to publish via the Simple Notification Service during MFA Process
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Ref roleName
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Sid: ""
          Effect: "Allow"
          Principal:
            Service: "cognito-idp.amazonaws.com"
          Action:
            - "sts:AssumeRole"
          Condition:
            StringEquals:
              sts:ExternalId: !Ref roleExternalId
    Policies:
      -
        PolicyName: !Ref policyName
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            -
              Effect: "Allow"
              Action:
                - "sns:Publish"
              Resource: "*"
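Have you checked the contents of the S3 bucket that manages your environment? We had a similar problem and found that although our local SNSRole configuration was correct, the CloudFormation template file in the S3 bucket was old and still had the 'cognito-.amazon...' problem.
Try correcting this locally and then pushing to the cloud; it will overwrite the remote CloudFormation template file with the correct one.
Hope it goes well!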
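
The check the answer describes, as an added example that is not part of the original posts: a stdlib-only Python scan that lists the Service principals in a template's text and flags any that are not well-formed service names, so the local copy can be compared with the copy downloaded from the S3 bucket. The sample templates are constructed, and the validity pattern is a syntactic assumption rather than IAM's own validation.

```python
import re

# Scalar "Service" principal entries in YAML (Service: "x") or JSON ("Service": "x").
SERVICE_RE = re.compile(r'''(?<![A-Za-z])["']?Service["']?\s*:\s*["']?([^"'\s,\]}]+)''')

# Syntactic check only (assumption, not IAM's own validation): dot-separated DNS
# labels that neither start nor end with a hyphen, under amazonaws.com[.cn].
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
PRINCIPAL_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*\.amazonaws\.com(?:\.cn)?$")

# Constructed sample templates: a correct local copy and a stale deployed copy.
LOCAL_SAMPLE = """\
AssumeRolePolicyDocument:
  Statement:
    - Effect: "Allow"
      Principal:
        Service: "cognito-idp.amazonaws.com"
      Action:
        - "sts:AssumeRole"
"""
DEPLOYED_SAMPLE = LOCAL_SAMPLE.replace("cognito-idp.", "cognito-.")


def service_principals(template_text):
    """Return (line_number, principal) for each literal Service principal."""
    found = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        for match in SERVICE_RE.finditer(line):
            value = match.group(1)
            if value[0] not in "!{[":  # skip intrinsic functions such as !Ref
                found.append((lineno, value))
    return found


def malformed_principals(template_text):
    """Return the entries whose principal is not a well-formed service name."""
    return [(n, p) for n, p in service_principals(template_text)
            if not PRINCIPAL_RE.match(p)]


def compare_copies(local_text, deployed_text):
    """Malformed principals per copy, so a stale deployed template stands out."""
    return {"local": [p for _, p in malformed_principals(local_text)],
            "deployed": [p for _, p in malformed_principals(deployed_text)]}


if __name__ == "__main__":
    print(compare_copies(LOCAL_SAMPLE, DEPLOYED_SAMPLE))
```

A non-empty "deployed" list next to an empty "local" list is the situation the answer describes: the local template is correct and the stored copy is stale.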