Unable to write a policy document in AWS CDK using Python

Posted 2024-05-19 10:23:27


Hi, I am working with AWS CDK. I am trying to create a policy. Below is my code.

MWSECSServiceRole = iam.Role(self, 'MWSECSServiceRole',
    assumed_by=iam.ServicePrincipal('ecs.amazonaws.com'))

MWSECSServiceRole.add_to_policy(iam.PolicyStatement(
    effect=iam.Effect.ALLOW,
    resources=[
        "arn:aws:elasticloadbalancing:*:{AccountId}:loadbalancer/app/mws-*",
        "arn:aws:elasticloadbalancing:*:{AccountId}:listener-rule/app/mws-*",
        "arn:aws:elasticloadbalancing:*:{AccountId}:listener/app/mws-*",
        "arn:aws:elasticloadbalancing:*:{AccountId}:targetgroup/mws-*",
    ],
    actions=[
        "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
        "elasticloadbalancing:RegisterTargets",
    ]
))

MWSECSServiceRole.add_to_policy(iam.PolicyStatement(
    effect=iam.Effect.ALLOW,
    resources=["*"],
    actions=["ec2:AuthorizeSecurityGroupIngress", "ec2:Describe*", "elasticloadbalancing:Describe*"]
))

This generates the CloudFormation template below.

^{pr2}$

When I try to deploy, it throws the error below.

The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: e54462f7-f0bc-4a8c-9ec4-9530125113ec)

Can someone help me figure out this issue? Any help would be greatly appreciated. Thanks.


1 answer
User
#1 · Posted 2024-05-19 10:23:27

I suggest you use ^{} to build your ARN:

my_resource = core.Stack.of(self).format_arn(
  service="elasticloadbalancing",
  resource="loadbalancer",
  resource_name="app/mws-*"
)

See also ARN Manipulation.

Alternatively, you can concatenate strings and use ^{}

^{pr2}$
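A pre-deploy check for the failure discussed in this thread, as an added example that is not part of the original question or answer: it walks a synthesized template and flags literal ARNs in IAM statements whose account field is a leftover placeholder such as the `{AccountId}` in the question's code. The sample template, its logical id, and the accepted account-field forms (12 digits, `*`, `aws`, or empty) are assumptions of this example.

```python
import re

# ARN layout: arn:partition:service:region:account-id:resource
# Assumption of this check: a literal account field is valid only when it is
# 12 digits, "*", "aws" (AWS-managed resources) or empty.
ACCOUNT_OK = re.compile(r"\d{12}|\*|aws|")
IAM_TYPES = {"AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_arn(arn):
    """Return a reason string if a literal ARN looks malformed, else None."""
    if arn == "*":
        return None
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return "not in arn:partition:service:region:account:resource form"
    if not ACCOUNT_OK.fullmatch(parts[4]):
        return f"account field {parts[4]!r} is not a valid account id"
    return None

def find_bad_arns(template):
    """Return (logical_id, arn, reason) for every literal ARN that fails."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") not in IAM_TYPES:
            continue
        doc = res.get("Properties", {}).get("PolicyDocument", {})
        for stmt in as_list(doc.get("Statement", [])):
            for arn in as_list(stmt.get("Resource", [])):
                # Dicts are intrinsics (Fn::Join, Ref) resolved at deploy.
                reason = check_arn(arn) if isinstance(arn, str) else None
                if reason:
                    findings.append((logical_id, arn, reason))
    return findings

# Constructed template fragment; the logical id is hypothetical.
SAMPLE = {"Resources": {"MWSECSServiceRolePolicy": {
    "Type": "AWS::IAM::Policy",
    "Properties": {"PolicyDocument": {"Statement": [{
        "Effect": "Allow", "Action": "elasticloadbalancing:RegisterTargets",
        "Resource": [
            "arn:aws:elasticloadbalancing:*:{AccountId}:targetgroup/mws-*",
            {"Fn::Join": ["", ["arn:aws:elasticloadbalancing:*:",
                               {"Ref": "AWS::AccountId"}, ":listener/app/mws-*"]]},
        ]}]}}}}}
```

Run `find_bad_arns` over the JSON template produced by `cdk synth` before deploying; the `Fn::Join` entry passes because its account id is resolved by CloudFormation at deploy time.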
