Aurora PostgreSQL访问s3的权限
Aurora PostgreSQL访问s3的权限
提问于 2020-07-08 16:10:28
我试图授予我的Aurora PostgreSQL访问s3桶的权限。我使用的是无服务器框架,有以下代码。
RDSCluster:
Type: 'AWS::RDS::DBCluster'
Properties:
MasterUsername: AuserName
MasterUserPassword: Apassword
DBSubnetGroupName:
Ref: RDSClusterGroup
AvailabilityZones:
- eu-central-1a
- eu-central-1b
Engine: aurora-postgresql
EngineVersion: 11.9
EngineMode: provisioned
EnableHttpEndpoint: true
DatabaseName: initialbase
DBClusterParameterGroupName:
Ref: RDSDBParameterGroup
AssociatedRoles:
- RoleArn:
{ Fn::GetAtt: [ AuroraPolicy, Arn ] }
VpcSecurityGroupIds:
- Ref: RdsSecurityGroup
AuroraPolicy:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- rds.amazonaws.com
Action:
- sts:AssumeRole
Path: "/"
Policies:
- PolicyName: AuroraRolePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- s3:AbortMultipartUpload
- s3:GetBucketLocation
- s3:GetObject
- s3:ListBucket
- s3:ListBucketMultipartUploads
- s3:PutObject
Resource:
- { Fn::GetAtt: [ S3BucketEgresbucket, Arn ] }
- Fn::Join:
- ""
- - { Fn::GetAtt: [ S3BucketEgresbucket, Arn ] }
- "/*" 这应该授予DB使用SELECT aws_commons.create_s3_ur执行查询的权限。
但是,当我尝试部署时,我会得到错误消息:
特性名参数必须与Aurora (PostgreSQL)引擎的当前操作一起提供。。
Stack Overflow用户
回答已采纳
发布于 2020-07-09 13:13:33
这个问题来自于AssociatedRoles对象,cloudformation指出,如果您希望集群访问所需的其他FeatureName服务,则不需要FeatureName字段。在本例中,由于我想让集群访问一个s3桶,所以我不得不更改AssociatedRoles对象,如下所示:
AssociatedRoles:
- RoleArn: { Fn::GetAtt: [ roleServiceIntegration, Arn ] }
FeatureName: s3Import页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/62798979
复制相关文章
相似问题
腾讯云开发者
