2014-11-04 34 views
1

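Deploying an AWS Data Pipeline with standard roles

Trying to simply deploy a data pipeline definition that previously worked. This time I changed the roles to be consistent with another AWS account (production vs. staging).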

When I deploy via the AWS CLI, I get this message:

{ 
    "validationErrors": [ 
     { 
      "errors": [ 
       "Please add following permissions to the role ('DataPipelineDefaultRole') for uploading logs to s3: s3:Get*,s3:List*,s3:Put*" 
      ], 
      "id": "EC2_Box_TaskRunner" 
     } 
    ], 
    "errored": true, 
    "validationWarnings": [] 
} 

Here is the definition of DataPipelineDefaultRole:

{                                               
    "Statement": [                                           
     {                                             
      "Action": [                                          
       "s3:*",                                       
       "dynamodb:DescribeTable",                                     
       "dynamodb:Scan",                                       
       "dynamodb:Query",                                       
       "dynamodb:GetItem",                                       
       "dynamodb:BatchGetItem",                                     
       "dynamodb:UpdateTable", 

       "ec2:*", 

       "elasticmapreduce:*",                                      
       "rds:DescribeDBInstances",                                     
       "rds:DescribeDBSecurityGroups",                                    
       "redshift:DescribeClusters",                                    
       "redshift:DescribeClusterSecurityGroups",                                 
       "sns:GetTopicAttributes",                                     
       "sns:ListTopics",                                       
       "sns:Publish",                                        
       "sns:Subscribe",                                       
       "sns:Unsubscribe",                                       
       "iam:PassRole",                                        
       "iam:ListRolePolicies",                                      
       "iam:GetRole",                                        
       "iam:GetRolePolicy",                                      
       "iam:ListInstanceProfiles",                                     
       "cloudwatch:*",                                        
       "datapipeline:*"                                   
      ],                                            
      "Effect": "Allow",                                        
      "Resource": [                                         
       "*"                                           
      ]                                            
     }                                             
    ]                                              
} 

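I also noticed that when I tried to recreate 'DataPipelineDefaultRole', sometimes the "Instance Profile ARN(s)" field was blank. Eventually, I was able to recreate the role through a combination of the "hello world data pipeline template" setup and/or manual steps (with the instance ARN present).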

Even with the role set to:

{                                               
    "Statement": [                                           
     {                                             
      "Action": [                                          
       "*"                                   
      ],                                            
      "Effect": "Allow",                                        
      "Resource": [                                         
       "*"                                           
      ]                                            
     }                                             
    ]                                              
} 

it does not work.

What am I doing wrong?

Answer

0

OK, the problem was with other objects in the pipeline definition that reference S3 paths, not with the role or the EC2_Box_TaskRunner box.
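
One way to triage this validation error offline, as an added example that is not part of the original posts: it checks whether a role policy already grants the S3 action patterns named in the error, and lists every pipeline object that references an s3:// path. The pipeline definition, its object ids other than EC2_Box_TaskRunner, and the bucket names are constructed; the policy check is simplified and only considers Allow statements on Resource "*".

```python
import fnmatch

# Action patterns named in the validation error quoted in the question.
REQUIRED = ["s3:Get*", "s3:List*", "s3:Put*"]

# Abbreviated copy of the role policy posted in the question.
QUESTION_POLICY = {"Statement": [{
    "Action": ["s3:*", "ec2:*", "iam:PassRole", "datapipeline:*"],
    "Effect": "Allow", "Resource": ["*"]}]}

# Constructed pipeline definition; ids other than EC2_Box_TaskRunner and all
# bucket names are hypothetical.
SAMPLE_DEFINITION = {"objects": [
    {"id": "Default", "role": "DataPipelineDefaultRole",
     "pipelineLogUri": "s3://example-log-bucket/logs/"},
    {"id": "EC2_Box_TaskRunner", "type": "Ec2Resource",
     "role": "DataPipelineDefaultRole"},
    {"id": "InputNode", "type": "S3DataNode",
     "directoryPath": "s3://example-data-bucket/in/"},
    {"id": "RunScript", "type": "ShellCommandActivity",
     "scriptUri": "s3://example-code-bucket/run.sh",
     "runsOn": {"ref": "EC2_Box_TaskRunner"}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_covers(policy, required=REQUIRED):
    """Simplified check: is each required pattern granted by an Allow on Resource "*"?
    Ignores Deny, NotAction, conditions and permission boundaries."""
    granted = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", [])):
            granted += [a.lower() for a in _as_list(stmt.get("Action", []))]
    # IAM action names are case-insensitive; "s3:*" or "*" covers "s3:Get*".
    return {r: any(fnmatch.fnmatchcase(r.lower(), g) for g in granted) for r in required}

def s3_references(definition):
    """Return (object id, field, value) for every string field holding an s3:// URI."""
    hits = []
    for obj in definition.get("objects", []):
        for field, value in obj.items():
            if isinstance(value, str) and value.lower().startswith("s3://"):
                hits.append((obj.get("id"), field, value))
    return hits

if __name__ == "__main__":
    print(policy_covers(QUESTION_POLICY))
    for obj_id, field, value in s3_references(SAMPLE_DEFINITION):
        print(f"{obj_id}: {field} = {value}")
```

When the role already covers all three patterns, as the posted policy does through `s3:*`, the objects returned by `s3_references` are the next place to look, in line with the answer above.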