时间戳

首页 > 解决方案 > 创建多个用户时出现 Cloudformation 错误

amazon-web-services - 创建多个用户时出现 Cloudformation 错误

问题描述

我正在尝试使用 CFT 创建两个用户我对 cloudformation 非常陌生,我们如何定义多个用户,我在下面尝试过但遇到 cft 错误。

{
  "Resources": {
    "AWSSCRIPTS": {
      "Type": "AWS::IAM::User"
    },
    "AWSSCRIPTSPolicy": {
      "Type": "AWS::IAM::ManagedPolicy",
      "Properties": {
        "Description" : "This policy allows to run scripts in new account.",
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": "*",
              "Resource": "*"
            }
          ]
        },
        "Users": [{
          "Ref": "AWSSCRIPTS"
        }]
      }
    },
    "AWSSCRIPTSKeys": {
      "Type": "AWS::IAM::AccessKey",
      "Properties": {
        "UserName": {
          "Ref": "AWSSCRIPTS"
        }
      }
    }
  },  
  "ADDUSER": {
    "Type": "AWS::IAM::User"
  },
  "ADDUSERPolicy": {
    "Type": "AWS::IAM::ManagedPolicy",
    "Properties": {
      "Description" : "This policy allows to list IAM Roles for AAD User.",
      "PolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
          }
        ]
      },
      "Users": [{
        "Ref": "ADDUSER"
      }]
    }
  },
  "ADDUSERKeys": {
    "Type": "AWS::IAM::AccessKey",
    "Properties": {
      "UserName": {
        "Ref": "ADDUSER"
      }
    }
  },

  "Outputs": {
    "AccessKey": {
      "Value": {
        "Ref": "AWSSCRIPTS"
      },
      "Description": "Access Key ID of AWS Scripts"
    },
    "SecretKey": {
      "Value": {
        "Fn::GetAtt": [
          "AWSSCRIPTSKeys",
          "SecretAccessKey"
        ]
    },
    "Description": "Secret Key of AWS Scripts User"
  },
  "AccessKey2": {
    "Value": {
      "Ref": "ADDUSER"
    },
    "Description": "Access Key ID of ADD USER"
  },
  "SecretKey2": {
    "Value": {
      "Fn::GetAtt": [
        "ADDUSERKeys",
        "SecretAccessKey"
      ]
  },
  "Description": "Secret Key of ADD User"
}
}
}

我得到以下错误

Invalid template property or properties [ADDUSERPolicy, ADDUSER, ADDUSERKeys]

根据用户所需的访问类型,为用户创建凭据:

编程访问:IAM 用户可能需要进行 API 调用、使用 AWS CLI 或使用适用于 Windows PowerShell 的工具。在这种情况下,为该用户创建访问密钥(访问密钥 ID 和秘密访问密钥)。

AWS 管理控制台访问:如果用户需要访问 AWS 管理控制台,请为用户创建密码。

标签: amazon-web-servicesaws-sdkamazon-cloudformationamazon-iam

解决方案

ADDUSERADDUSERPolicy并且ADDUSERKeys应该在 中Resources,但它们处于同一级别:

格式化的 CF 模板

推荐阅读