I am deploying a service role for CodeBuild with Terraform, using the trust policy from this guide.
The service role in the guide sets conditions on the trust policy to avoid the confused deputy problem, but with these conditions CodeBuild cannot assume the role and fails with this error:
CodeBuild is not authorized to perform: sts:AssumeRole on arn:aws:iam::<account-ID>:role/<my-role>
Without the conditions everything works fine.
Any suggestions?
Trust policy from the guide:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "codebuild.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "<account-ID>"
                },
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:codebuild:<region-ID>:<account-ID>:project/<project-name>"
                }
            }
        }
    ]
}
The trust policy generated for my role:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "codebuild.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "<account-ID>"
                },
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:codebuild:us-west-2:<account-ID>:project/<my-project>"
                }
            }
        }
    ]
}
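As an added example (not from the question or the guide), a small Python evaluator that applies the StringEquals and ArnLike conditions of a trust policy with this shape to a constructed request context, showing which aws:SourceAccount / aws:SourceArn pairs satisfy the confused-deputy conditions and which are rejected. The account id and project names are made-up placeholders.

```python
import fnmatch
import json

# Constructed trust policy shaped like the one in the question; ids are made-up placeholders.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "codebuild.amazonaws.com"},
    "Action": "sts:AssumeRole",
    "Condition": {
      "StringEquals": {"aws:SourceAccount": "111122223333"},
      "ArnLike": {"aws:SourceArn": "arn:aws:codebuild:us-west-2:111122223333:project/my-project"}
    }
  }]
}""")

def arn_like(pattern: str, arn: str) -> bool:
    """ArnLike semantics: the six colon-delimited ARN parts are compared one by one,
    case-sensitively, and '*' / '?' wildcards are allowed inside a part."""
    p_parts, a_parts = pattern.split(":", 5), arn.split(":", 5)
    if len(p_parts) != 6 or len(a_parts) != 6:
        return False
    return all(fnmatch.fnmatchcase(a, p) for p, a in zip(p_parts, a_parts))

def evaluate_trust(policy: dict, ctx: dict) -> tuple:
    """Apply every StringEquals / ArnLike condition in the policy to the request
    context keys (aws:SourceAccount, aws:SourceArn) the calling service supplies.
    Returns (allowed, reasons); reasons is empty when every condition held."""
    reasons = []
    for stmt in policy["Statement"]:
        for operator, checks in stmt.get("Condition", {}).items():
            for key, expected in checks.items():
                wanted = expected if isinstance(expected, list) else [expected]
                actual = ctx.get(key)  # a missing context key fails the condition
                if operator == "StringEquals":
                    ok = actual in wanted
                elif operator == "ArnLike":
                    ok = actual is not None and any(arn_like(w, actual) for w in wanted)
                else:
                    ok = False  # operators beyond the two used here are not modelled
                if not ok:
                    reasons.append(f"{operator} on {key}: {actual!r} does not match {wanted}")
    return (not reasons, reasons)

# Constructed request contexts: the matching project, the same project name in
# another region, and a different project in the same region.
CTX_MATCH = {"aws:SourceAccount": "111122223333",
             "aws:SourceArn": "arn:aws:codebuild:us-west-2:111122223333:project/my-project"}
CTX_OTHER_REGION = {**CTX_MATCH, "aws:SourceArn": CTX_MATCH["aws:SourceArn"].replace("us-west-2", "us-east-1")}
CTX_OTHER_PROJECT = {**CTX_MATCH, "aws:SourceArn": CTX_MATCH["aws:SourceArn"].replace("my-project", "other")}
```

Only these two condition operators are modelled; the real IAM evaluation also applies the Principal, Action and any explicit denies, so this is a way to check that the region, account and project in the ArnLike pattern really line up with the project that will call sts:AssumeRole, not a substitute for IAM itself.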