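I am trying to create a role using CDK. These are the requirements:
1. Access to API Gateway (GET, DELETE, PUT, POST)
2. A trust relationship with the AWS account "1234567"
This is my CDK TypeScript code: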
    const role = new iam.Role(this, 'IMAAPIGatewayAccessRole', {
      roleName: 'IMAAPIGatewayAccessRole',
      assumedBy: new iam.AnyPrincipal(),
    });
    role.addToPolicy(new PolicyStatement(iam.PolicyStatementEffect.Allow)
      .addAwsAccountPrincipal('1234567')
      .addActions(
        "apigateway:GET",
        "apigateway:POST",
        "apigateway:PUT",
        "apigateway:DELETE"
      )
      .addAllResources()
    );
But I am getting a MalformedPolicyDocument error; without addAwsAccountPrincipal() I do not get it.
AssumeRolepolicy contained an invalid principal: "STAR":"*". (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: cb4073ee-aa5d-11e9-b299-c7ffa44eb0ca)
new Role (/Users//workspace/cdk/node_modules/@aws-cdk/aws-iam/lib/role.ts:200:18)
\_ new Ims (/Users//workspace/cdk/bin/cdk.ts:25:22)
\_ Object.<anonymous> (/Users//workspace/cdk/bin/cdk.ts:285:1)
\_ Module._compile (internal/modules/cjs/loader.js:774:30)
\_ Module.m._compile (/Users//workspace/cdk/node_modules/ts-node/src/index.ts:439:23)
\_ Module._extensions..js (internal/modules/cjs/loader.js:785:10)
\_ Object.require.extensions.<computed> [as .ts] (/Users//workspace/cdk/node_modules/ts-node/src/index.ts:442:12)
\_ Module.load (internal/modules/cjs/loader.js:641:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:556:12)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:837:10)
\_ Object.<anonymous> (/Users//workspace/cdk/node_modules/ts-node/src/bin.ts:154:12)
\_ Module._compile (internal/modules/cjs/loader.js:774:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:785:10)
\_ Module.load (internal/modules/cjs/loader.js:641:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:556:12)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:837:10)
\_ /usr/local/lib/node_modules/npm/node_modules/libnpx/index.js:268:14
What is wrong with my code?
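
Added example, not part of the original question and not CDK's own code: IAM expects the trusted account in the role's trust policy and does not accept a `Principal` element in the permissions policy attached to the role, so this small linter checks both documents. The function names are hypothetical, the policy documents are constructed to mirror the question's intent (they are not real CDK output), and `1234567` is the question's placeholder account id.

```typescript
type Principal = "*" | { [kind: string]: string | string[] };
interface Statement {
  Effect: "Allow" | "Deny"; Action: string | string[];
  Resource?: string | string[]; Principal?: Principal;
}
interface PolicyDocument { Version: string; Statement: Statement[]; }
const doc = (s: Statement): PolicyDocument => ({ Version: "2012-10-17", Statement: [s] });

// True when the principal is "*" or any listed value is "*".
function isWildcard(p: Principal): boolean {
  if (p === "*") return true;
  for (const k of Object.keys(p)) {
    const v = p[k];
    if ((Array.isArray(v) ? v : [v]).indexOf("*") !== -1) return true;
  }
  return false;
}

// Trust policy (AssumeRolePolicyDocument): where the trusted account belongs.
function lintTrustPolicy(d: PolicyDocument): string[] {
  const out: string[] = [];
  d.Statement.forEach((s, i) => {
    if (s.Principal === undefined) out.push(`trust[${i}]: Principal is required`);
    else if (s.Effect === "Allow" && isWildcard(s.Principal))
      out.push(`trust[${i}]: wildcard Principal trusts every AWS principal`);
  });
  return out;
}

// Permissions policy attached to the role: identity-based, so no Principal element.
function lintPermissionsPolicy(d: PolicyDocument): string[] {
  const out: string[] = [];
  d.Statement.forEach((s, i) => {
    if (s.Principal !== undefined) out.push(`permissions[${i}]: Principal is not allowed`);
    if (s.Resource === undefined) out.push(`permissions[${i}]: Resource is required`);
  });
  return out;
}

const ACTIONS = ["apigateway:GET", "apigateway:POST", "apigateway:PUT", "apigateway:DELETE"];
const ACCOUNT = { AWS: "arn:aws:iam::1234567:root" }; // the question's placeholder account id
// Constructed documents modelled on the question's intent, not real CDK output.
const asPosted = {
  trust: doc({ Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "*" } }),
  permissions: doc({ Effect: "Allow", Action: ACTIONS, Resource: "*", Principal: ACCOUNT }),
};
const corrected = {
  trust: doc({ Effect: "Allow", Action: "sts:AssumeRole", Principal: ACCOUNT }),
  permissions: doc({ Effect: "Allow", Action: ACTIONS, Resource: "*" }),
};
console.log(lintTrustPolicy(asPosted.trust), lintPermissionsPolicy(asPosted.permissions));
```

In CDK the corrected shape corresponds to passing `new iam.AccountPrincipal('1234567')` as `assumedBy` and leaving principals off the statement given to `addToPolicy`.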