無法創建與我有創造cloudformation.But IAM政策問題cloudformation

Question

只有IAM政策，我得到的組，角色，用戶需要的錯誤：

這裏是我的代碼：

{ 
"AWSTemplateFormatVersion": "2010-09-09", 
"Description": "AWS CloudFormation Template IAM Groups and Policies", 
"Resources": { 
    "PolicyAutoScalingLimitedOperation": { 
     "Type": "AWS::IAM::Policy", 
     "Properties": { 
      "PolicyName": "AutoScaling-Limited-Operation", 
      "PolicyDocument": { 
       "Statement": [{ 
         "Effect": "Allow", 
         "Action": [ 
          "dynamodb:*" 
         ], 
         "Resource": "*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "cloudwatch:PutMetricData" 
         ], 
         "Resource": "*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "xray:PutTraceSegments", 
          "xray:PutTelemetryRecords" 
         ], 
         "Resource": "*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "s3:Get*", 
          "s3:List*", 
          "s3:PutObject" 
         ], 
         "Resource": "*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "logs:PutLogEvents", 
          "logs:CreateLogStream" 
         ], 
         "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "kms:ListAliases", 
          "kms:ListKeys", 
          "kms:Encrypt", 
          "kms:Decrypt" 
         ], 
         "Resource": "*" 
        } 
       ] 
      } 
     } 
    } 
} 

}

現在，當我運行它，我得到：

At least one of [Groups,Roles,Users] must be non-empty. 

是否牛逼意思是我不能在不添加用戶/角色的情況下使用cloudformation創建策略？

Answer 1

如果您只想要獨立策略，您可能需要創建一個AWS::IAM::ManagedPolicy。

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html