0

我一直在我的 cloudformation 模板中遇到循环依赖错误。我相信要解决这个问题,需要将依赖关系分离到不同的资源中,但就我而言,我只想将我正在创建的角色的 arn 添加到策略中。

以下是我要添加到有关此角色的策略的操作之一:

Resources:
  SSMHostMgmtRole:
     Type: AWS::IAM::Role
     Properties:
       AssumeRolePolicyDocument:
         Statement:
         - Action:
           - sts:AssumeRole
           Effect: Allow
           Principal:
             Service:
             - ssm.amazonaws.com
         Version: '2012-10-17'
       Path: "/"
       Policies:
       - PolicyDocument:
           - Action:
             - iam:PassRole
             Effect: Allow
             Resource: !GetAtt SSMHostMgmtRole.Arn
         PolicyName: !Sub ${AWS::StackName}-${AWS::Region}-Example
       RoleName: !Sub ${AWS::StackName}-${AWS::Region}-HostMgmtRole

有人可以帮我指出消除循环依赖并使模板正常工作的更改吗?

4

1 回答 1

1

您需要通过手动创建 Arn 来打破循环依赖。代替:

Resource: !GetAtt SSMHostMgmtRole.Arn


Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-${AWS::Region}-HostMgmtRole
于 2021-11-25T18:52:14.360 回答