继cloudformation模板提供了第9行错误:附加政策的IAM角色
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Policy to allow send receive message from SQS Queue",
"Resources" : {
"MyPolicy" : {
"Type" : "AWS::IAM::Policy",
"Properties" : {
"PolicyName" : "CFUsers",
"Roles": [ { "arn:aws:iam::710161973367:role/Cognito_CFIAuth_Role" } ],
"PolicyDocument" : {
"Version" : "2012-10-17",
"Statement": [
{
"Sid": "Sid1482400105445",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::710161973367:role/Cognito_CFIAuth_Role"
},
"Action": [
"SQS:SendMessage",
"SQS:ReceiveMessage",
"SQS:DeleteMessage",
"SQS:GetQueueUrl"
],
"Resource": "arn:aws:sqs:ap-south-1:710161973367:CFI-Trace"
}
]
}
}
}
}
我想角色Cognito_CFIAuth_Role有消息发送/读/删除SQS队列CFI-跟踪previleges。我如何将SQS操作权限附加到IAM角色?
严格来说,从语法的角度来看,'[{“arn:aws:iam :: 710161973367:role/Cognito_CFIAuth_Role”}]的确是错误的,因为它是一个包含带有键但没有值的对象的数组。 '''''''不正确。 –