我试图用CodeDeploy将我的代码放到AWS上。要做到这一点,我必须创建一个角色,我目前仍然坚持。我设置了这样的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
并将文件保存为service-role.json
。然后我使用了命令:
aws iam create-role --role-name MyServiceRole --assume-role-policy-document file://service-role.json
我最终跑了...那返回了一些JSON:
{
"Role": {
"Path": "/",
"RoleName": "MyServiceRole",
"RoleId": "SOMESTRINGOFRANDOMALPHANUMERICS",
"Arn": "arn:aws:iam::1123445569:role/MyServiceRole",
"CreateDate": "2018-08-31T03:18:24Z",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
}
}
这一切看起来都正确,所以我试着跑:
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::1123445569:role/MyServiceRole
并且......我收到了回复
An error occurred (InvalidInput) when calling the AttachRolePolicy operation: ARN arn:aws:iam::1123445569:role/MyServiceRole is not valid.
我已经梳理了互联网寻找解决方案,因为看起来我已经完成了this指示我的工作,但我仍然没有得到任何结果。有谁知道我做错了什么?
您没有附加已创建的假定角色策略(并且在创建时已附加到MyServiceRole),而是附加mentioned tutorial中描述的AWS权限角色之一(步骤3),因此:
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
要么
aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda