嗨,我在AWS CDK工作。我正在努力制定政策。下面是我的代码。在
MWSECSServiceRole = iam.Role(self, 'MWSECSServiceRole',
assumed_by=iam.ServicePrincipal('ecs.amazonaws.com'))
MWSECSServiceRole.add_to_policy(iam.PolicyStatement(
effect=iam.Effect.ALLOW,
resources=["arn:aws:elasticloadbalancing:*:{AccountId}:loadbalancer/app/mws-*","arn:aws:elasticloadbalancing:*:{AccountId}:listener-rule/app/mws-*","arn:aws:elasticloadbalancing:*:{AccountId}:listener/app/mws-*","arn:aws:elasticloadbalancing:*:{AccountId}:targetgroup/mws-*"],
actions=["elasticloadbalancing:DeregisterInstancesFromLoadBalancer","elasticloadbalancing:DeregisterTargets","elasticloadbalancing:RegisterInstancesWithLoadBalancer","elasticloadbalancing:RegisterTargets"]
))
MWSECSServiceRole.add_to_policy(iam.PolicyStatement(
effect=iam.Effect.ALLOW,
resources=["*"],
actions=["ec2:AuthorizeSecurityGroupIngress","ec2:Describe*","elasticloadbalancing:Describe*"]
))
它将生成下面的云形成模板。在
^{pr2}$当我试图部署它抛出下面的错误。在
The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: e54462f7-f0bc-4a8c-9ec4-9530125113ec)
有人能帮我找出这个问题吗?任何帮助都将不胜感激。谢谢
我建议您使用^{} 构建您的ARN:
另请参见ARN Manipulation。在
或者,您可以连接字符串并使用^{} :
^{pr2}$相关问题 更多 >
编程相关推荐