Cloudformation 存储桶策略 - “声明缺少必需元素”答案

【问题标题】：Cloudformation Bucket Policy - "Statement is missing required element"Cloudformation 存储桶策略 - “声明缺少必需元素”
【发布时间】：2018-04-01 00:40:06
【问题描述】：

我有这个要部署到 CloudFormation 的 S3 存储桶和策略。

Resources:
  ReportsBucket:
    Type: AWS::S3::Bucket

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ReportsBucket
      PolicyDocument:
        Id: ReportPolicy
        Version: "2012-10-17"
        Statement:
          - Sid: ReportBucketPolicyDoc
            Effect: Allow
            Action: "s3:*"
            Principal:
              AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
            Resource: !Join ['', ['arn:aws:s3:::', !Ref S3Bucket, '/*']]

它失败了，

UPDATE_ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack  {my stack name} The following resource(s) failed to create: [BucketPolicy].
CREATE_FAILED   AWS::S3::BucketPolicy   BucketPolicy    Statement is missing required element

我的政策有什么问题？

【问题讨论】：

标签： amazon-web-services amazon-s3 amazon-cloudformation

【解决方案1】：

它有两个问题：

第一行缺少AWSTemplateFormatVersion（必需元素）
对S3Bucket 的引用应该是ReportsBucket

更新版本：

AWSTemplateFormatVersion: 2010-09-09
Resources:
  ReportsBucket:
    Type: AWS::S3::Bucket

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ReportsBucket
      PolicyDocument:
        Id: ReportPolicy
        Version: "2012-10-17"
        Statement:
          - Sid: ReportBucketPolicyDoc
            Effect: Allow
            Action: "s3:*"
            Principal:
              AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
            Resource: !Join ['', ['arn:aws:s3:::', !Ref ReportsBucket, '/*']]

【讨论】：