1

所以,我一直在尝试在 AWS CDK 中为 CodeBuild 和 CodePipeline 编写一个 IAM 角色。

我需要将其公开,以便我可以在他们自己的声明中引用它们。

我还尝试从我的代码中生成一个简单的 CloudFormation 模板,但没有成功上传。有同样的错误。

AssumeRolepolicy contained an invalid principal: "STAR":"*"

const codeBuildRoleName = `${parameters.environment}CodeBuildRole`;
const codeBuildRole = new Role(this, codeBuildRoleName, {
  assumedBy: new AnyPrincipal(),
  roleName: codeBuildRoleName,
});

const codeBuildRolePolicy = `${parameters.environment}CodeBuildRolePolicy`;
codeBuildRole.attachInlinePolicy(new Policy(this, codeBuildRolePolicy , {
  statements: [
    new PolicyStatement({
      effect: Effect.ALLOW,
      resources: ['*'],
      actions: ['iam:PassRole']
    }),
    new PolicyStatement({
      effect: Effect.ALLOW,
      resources: ['*'],
      actions: ['codebuild:*']
    }),
    new PolicyStatement({
      effect: Effect.ALLOW,
      resources: ['*'],
      actions: [
        'logs:FilterLogEvents',
        'logs:GetLogEvents',
        'logs:CreateLogStream',
        'logs:CreateLogGroup',
        'logs:PutLogEvents',
      ]
    }),
    new PolicyStatement({
      effect: Effect.ALLOW,
      resources: ['*'],
      actions: [
        'apigateway:PATCH',
        'apigateway:GET',
        'apigateway:POST',
        'iam:*',
        'cloudformation:*',
        's3:*',
        'cognito-idp:*',
      ]
    })
  ]
}));

这是代码,我一直在得到这个。

AssumeRolepolicy contained an invalid principal: "STAR":"*"

而且我无法部署任何东西。

4

1 回答 1

-1

当您创建 时Role,请尝试传递 aServicePrincipal而不是AnyPrincipal像这样:

const codeBuildRole = new Role(this, codeBuildRoleName, {
  assumedBy: new ServicePrincipal(service: "codebuild.amazonaws.com"),
  roleName: codeBuildRoleName,
});

我现在无法对此进行测试,但我认为这应该可以解决问题。

于 2020-01-06T22:50:24.533 回答