6

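I am checking whether we can attach multiple IAM policies in CloudFormation. I have attached a managed policy and can attach an inline policy, but wanted to check whether multiple inline policies can be attached.

I want to attach to the same role:

1) Managed policy 2) Inline policy - 1 3) Inline policy - 2

Thanks, Nataraj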

4

1 Answer

10

This is entirely possible. The relevant fields would be ManagedPolicyArns and Policies.

Resources: 
  RootRole: 
    Type: "AWS::IAM::Role"
    Properties: 
      AssumeRolePolicyDocument: 
        Version: "2012-10-17"
        Statement: 
          - Effect: "Allow"
            Principal: 
              Service: 
                - "ec2.amazonaws.com"
            Action: 
              - "sts:AssumeRole"
      Path: "/"
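      # Managed policies are referenced by ARN.
      ManagedPolicyArns:
        - 'arn:aws:iam::ACCOUNT_ID:policy/myname/ManagedPolicy'
      # Inline policies: one list entry per policy.
      Policies:
        # IAM policy names cannot contain spaces (allowed: alphanumerics and +=,.@-_).
        - PolicyName: "InlinePolicy1"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Placeholder statement: "*" on "*" allows every action on every resource.
              - Effect: "Allow"
                Action: "*"
                Resource: "*"
        - PolicyName: "InlinePolicy2"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action: "*"
                Resource: "*"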

For more details and callouts, see the documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html

Answered 2018-08-06T17:29:53.130
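A pre-deployment check for roles that carry several inline policies, added here as an example and not part of the original answer: it walks every `AWS::IAM::Role` in a template and reports inline policies whose name IAM would reject or whose `Allow` statements use wildcards. The function name, the finding labels and the sample template (a constructed role in CloudFormation's JSON form, written as a Python dict) are assumptions made for the illustration.

```python
import re

# Characters IAM accepts in a policy name; a space is not among them.
POLICY_NAME_RE = re.compile(r"[\w+=,.@-]{1,128}", re.ASCII)

# Constructed sample: one role with a managed policy and two inline policies.
TEMPLATE = {"Resources": {"RootRole": {"Type": "AWS::IAM::Role", "Properties": {
    "ManagedPolicyArns": ["arn:aws:iam::ACCOUNT_ID:policy/myname/ManagedPolicy"],
    "Policies": [
        {"PolicyName": "Inline Policy 1", "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
        {"PolicyName": "ReadLogsBucket", "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                           "Resource": "arn:aws:s3:::example-logs/*"}]}},
    ]}}}}


def as_list(value):
    """Statement, Action and Resource may each be one item or a list."""
    return value if isinstance(value, list) else [value]


def lint_inline_policies(template):
    """Return sorted (role, policy, finding) tuples for all IAM roles."""
    findings = set()
    for role_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        for pol in res.get("Properties", {}).get("Policies", []):
            name = pol.get("PolicyName", "")
            if not isinstance(name, str):
                name = "<intrinsic>"  # e.g. Fn::Sub, resolved only at deploy time
            elif not POLICY_NAME_RE.fullmatch(name):
                findings.add((role_id, name, "invalid-policy-name"))
            for st in as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
                if st.get("Effect") != "Allow":
                    continue
                if any(isinstance(a, str) and (a == "*" or a.endswith(":*"))
                       for a in as_list(st.get("Action", []))):
                    findings.add((role_id, name, "wildcard-action"))
                if "*" in as_list(st.get("Resource", [])):
                    findings.add((role_id, name, "wildcard-resource"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_inline_policies(TEMPLATE):
        print(*finding, sep="\t")
```

A YAML template can be checked the same way once it is loaded into a dict with a YAML parser that understands CloudFormation's short-form intrinsic tags.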