【Question title】: CloudFormation Bucket Policy - Missing required field "Effect"
【Posted】: 2018-06-11 07:34:44
【Question】:

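I tried to deploy the code below to CloudFormation. For some reason, it insists that I am missing a key element in the template.

I only started receiving this error after I amended the bucket policy in the resource S3NotificationBucketPolicy.

Any insight would be great.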

{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "",
"Resources": {
    "S3NotificationBucketPolicy": {
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {
            "Bucket": {
                "Ref": "S3NotificationBucket"
            },
            "PolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Sid": "AWSCloudTrailAclCheck20150318",
                        "Action": "s3:GetBucketAcl",
                        "Effect": "Allow",
                        "Resource": {
                            "Fn::Join": ["",
                            ["arn:aws:s3:::",
                            {
                                "Ref": "S3NotificationBucket"
                            }]]
                        },
                        "Principal": {
                            "Service": "cloudtrail.amazonaws.com"
                        }
                    },
                    {
                        "Sid": "AWSCloudTrailWrite20150318",
                        "Action": "s3:PutObject",
                        "Effect": "Allow",
                        "Resource": {
                            "Fn::Join": ["",
                            ["arn:aws:s3:::",
                            {
                                "Ref": "S3NotificationBucket"
                            },
                            "/*"]]
                        },
                        "Principal": {
                            "Service": "cloudtrail.amazonaws.com"
                        },
                        "Condition": {
                            "StringEquals": {
                                "s3:x-amz-acl": "bucket-owner-full-control"
                            }
                        }
                    }]
                }]
            }
        }
    },
    "S3Bucket": {
        "Type": "AWS::S3::Bucket",
        "DeletionPolicy": "Delete",
        "Properties": {

        }
    },
    "S3NotificationBucket": {
        "Type": "AWS::S3::Bucket",
        "DeletionPolicy": "Delete",
        "Properties": {

        }
    },
    "S3BucketPolicyForCloudTrail": {
        "DependsOn": "S3Bucket",
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {
            "Bucket": {
                "Ref": "S3Bucket"
            },
            "PolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{
                    "Sid": "AWSCloudTrailAclCheck20150319",
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "cloudtrail.amazonaws.com"
                    },
                    "Action": "s3:GetBucketAcl",
                    "Resource": {
                        "Fn::Join": ["",
                        ["arn:aws:s3:::",
                        {
                            "Ref": "S3Bucket"
                        }]]
                    }
                },
                {
                    "Sid": "Permissions fot Cloudtrail",
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "cloudtrail.amazonaws.com"
                    },
                    "Action": "s3:*",
                    "Resource": {
                        "Fn::Join": ["",
                        ["arn:aws:s3:::",
                        {
                            "Ref": "S3Bucket"
                        },
                        "/*"]]
                    }
                }]
            }
        }
    },
    "CloudTrailForS3": {
        "DependsOn": ["S3NotificationBucketPolicy",
        "S3BucketPolicyForCloudTrail"],
        "Type": "AWS::CloudTrail::Trail",
        "Properties": {
            "EventSelectors": [{
                "DataResources": [{
                    "Type": "AWS::S3::Object",
                    "Values": [{
                        "Fn::Join": ["",
                        ["arn:aws:s3:::",
                        {
                            "Ref": "S3Bucket"
                        },
                        "/*"]]
                    }]
                }],
                "ReadWriteType": "All",
                "IncludeManagementEvents": false
            }],
            "S3BucketName": {
                "Ref": "S3NotificationBucket"
            },
            "IsLogging": true,
            "IncludeGlobalServiceEvents": true
        }
    }
  }
}

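Even though I have stated the required element, it fails with the message below.

Missing required field Effect (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy; Request ID: B44FBDB00CA6AFDD; S3 Extended Request ID: jglPqCY9LCEOvIz5v7d2vyFbeaaelNVgahs7nGtYg5NJR20FRfef4m0lgtzqZEMyltI7d9T1g4s=)

【Comments】:

    Tags: json amazon-web-services amazon-cloudformation amazon-cloudtrail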


    【Solution 1】:

    Your problem is that the S3NotificationBucketPolicy Policy Document has an extra Version and Statement

    "S3NotificationBucketPolicy": {
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {
            "Bucket": {
                "Ref": "S3NotificationBucket"
            },
            "PolicyDocument": {
                "Version": "2012-10-17",      <-- Here
                "Statement": [{
                    "Version": "2012-10-17",  <-- And here
                    "Statement": [{
                        "Sid": "AWSCloudTrailAclCheck20150318",
    

    Remove one of them (and the matching closing brackets) and you'll be fine.
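The nesting mistake described in this answer can be caught before deployment. The following is an added example, not part of the original question or answer: a small pre-deploy check that walks every `AWS::S3::BucketPolicy` resource in a template and reports statements that are themselves policy documents or that lack `Effect`, `Action` or `Resource`. The function names and the trimmed sample templates are constructed for illustration.

```python
def lint_policy(doc, path):
    """Return findings for one bucket policy document (a parsed JSON dict)."""
    findings = []
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):          # a single statement object is also valid
        statements = [statements]
    for i, stmt in enumerate(statements):
        where = f"{path}.Statement[{i}]"
        if "Statement" in stmt or "Version" in stmt:
            # A whole policy document sits where a statement belongs, so S3
            # finds no Effect at this level and rejects the policy.
            findings.append(f"{where}: nested policy document, Effect missing at this level")
            continue
        effect = stmt.get("Effect")
        if effect is None:
            findings.append(f"{where}: missing required field Effect")
        elif isinstance(effect, str) and effect not in ("Allow", "Deny"):
            findings.append(f"{where}: Effect must be Allow or Deny")
        if "Action" not in stmt and "NotAction" not in stmt:
            findings.append(f"{where}: missing Action")
        if "Resource" not in stmt and "NotResource" not in stmt:
            findings.append(f"{where}: missing Resource")
    return findings

def lint_template(template):
    """Check every AWS::S3::BucketPolicy resource in a CloudFormation template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::S3::BucketPolicy":
            doc = res.get("Properties", {}).get("PolicyDocument", {})
            findings += lint_policy(doc, f"{name}.PolicyDocument")
    return findings

# Constructed sample, trimmed from the template in the question.
INNER = [{
    "Sid": "AWSCloudTrailAclCheck20150318",
    "Action": "s3:GetBucketAcl",
    "Effect": "Allow",
    "Resource": {"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "S3NotificationBucket"}]]},
    "Principal": {"Service": "cloudtrail.amazonaws.com"},
}]

def make_template(statements):
    return {"Resources": {"S3NotificationBucketPolicy": {
        "Type": "AWS::S3::BucketPolicy",
        "Properties": {"Bucket": {"Ref": "S3NotificationBucket"},
                       "PolicyDocument": {"Version": "2012-10-17", "Statement": statements}}}}}

BROKEN = make_template([{"Version": "2012-10-17", "Statement": INNER}])  # as in the question
FIXED = make_template(INNER)                                             # after the fix above
```

For a real template, load the file with `json.load` and pass the resulting dict to `lint_template`; an empty list means no structural problems were found.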

    【Comments】:
