0

我在当前的 CFN 模板中有一个 IAM 角色,但我无权在此账户中直接创建 IAM,因此我需要将其转换为我的模板中的服务目录代码:这是原始代码:

MongoDBRole:
 Type: 'AWS::IAM::Role'
 Properties:
  ManagedPolicyArns:
    - arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
  AssumeRolePolicyDocument:
    Version: 2012-10-17
    Statement:
      - Effect: Allow
        Principal:
          Service:
            - 'ec2.amazonaws.com'
        Action:
          - 'sts:AssumeRole'
  Tags:
    - Key: name
      Value: role-mongodb
    - Key: env
      Value: !Ref TagEnvironment
    - Key: sme
      Value: dba

这就是我尝试过的

MongoDBRole:
 Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct
 Properties:
  ProductName: IAMRole
  ProvisioningArtifactName: 1.0.9
  ProvisioningParameters:
    - Key: RoleNameSuffix
      Value: MongoRole
    - Key: AssumingServices
      Value: ec2.amazonaws.com
    - Key: ManagedPolicyArns
      Value: arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy

     This is the error:AWS::ServiceCatalog::CloudFormationProvisionedProduct CREATE_FAILED Model validation failed (#/Tags/0/Value: failed validation constraint for keyword [pattern])

我不相信我创建了这个权利,而且我对 cloudformation 和 moreso 服务目录还很陌生。我该如何纠正这个问题?

4

1 回答 1

0

要使用服务目录,您需要:

  1. 创建投资组合 (AWS::ServiceCatalog::Portfolio)
  2. 创建产品 (AWS::ServiceCatalog::CloudFormationProduct)
  3. 将产品与产品组合关联 (AWS::ServiceCatalog::PortfolioProductAssociation)
  4. 预置产品 (AWS::ServiceCatalog::CloudFormationProvisionedProduct)

在第 2 步中,当您创建产品时,您需要传递要部署的模板,在您的情况下是 IAM 角色的模板

于 2020-11-11T10:14:03.077 回答