无法将服务角色策略附加到客户角色。(服务: AmazonIdentityManagement;状态代码: 400;错误代码: PolicyNotAttachable
无法将服务角色策略附加到客户角色。(服务: AmazonIdentityManagement;状态代码: 400;错误代码: PolicyNotAttachable
提问于 2022-07-27 10:02:49
我试图使用cloudformation使用角色创建具有AWS托管权限的角色,但我得到了一个错误:Cannot attach a Service Role Policy to a Customer Role. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: PolicyNotAttachable。如能提供任何帮助,将不胜感激。
代码片段:
AutoscalingRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [application-autoscaling.amazonaws.com]
Action: ['sts:AssumeRole']
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy'
ECSRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2008-10-17
Statement:
- Sid: ''
Effect: Allow
Principal:
Service: ecs.amazonaws.com
Action: 'sts:AssumeRole'
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/aws-service-role/AmazonEC2ContainerServiceRole'
ECSTaskExecutionRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [ecs-tasks.amazonaws.com]
Action: ['sts:AssumeRole']
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy'回答 1
Stack Overflow用户
发布于 2022-07-28 11:32:20
似乎你提供了错误的ARN的管理政策。我在aws控制台里找过了,我得到了:
arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole
而不是你的:
arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy
只需转到AWS控制台中的IAM策略面板,一个接一个地找到它们,为每个人提供arn。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/73135950
复制相关文章
相似问题
腾讯云开发者
