2014-11-04 70 views
1

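Deploying an AWS Data Pipeline with standard roles

Trying to simply deploy a data pipeline definition that previously worked. This time I changed the roles to be consistent with another AWS account (production vs. staging).

When I deploy via the AWS CLI, I get this message: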

{
    "validationErrors": [
        {
            "errors": [
                "Please add following permissions to the role ('DataPipelineDefaultRole') for uploading logs to s3: s3:Get*,s3:List*,s3:Put*"
            ],
            "id": "EC2_Box_TaskRunner"
        }
    ],
    "errored": true,
    "validationWarnings": []
}

Here is the definition of DataPipelineDefaultRole:

{
    "Statement": [
        {
            "Action": [
                "s3:*",
                "dynamodb:DescribeTable",
                "dynamodb:Scan",
                "dynamodb:Query",
                "dynamodb:GetItem",
                "dynamodb:BatchGetItem",
                "dynamodb:UpdateTable",
                "ec2:*",
                "elasticmapreduce:*",
                "rds:DescribeDBInstances",
                "rds:DescribeDBSecurityGroups",
                "redshift:DescribeClusters",
                "redshift:DescribeClusterSecurityGroups",
                "sns:GetTopicAttributes",
                "sns:ListTopics",
                "sns:Publish",
                "sns:Subscribe",
                "sns:Unsubscribe",
                "iam:PassRole",
                "iam:ListRolePolicies",
                "iam:GetRole",
                "iam:GetRolePolicy",
                "iam:ListInstanceProfiles",
                "cloudwatch:*",
                "datapipeline:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "*"
            ]
        }
    ]
}

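I also noticed that when I tried to recreate 'DataPipelineDefaultRole', sometimes the "Instance Profile ARN(s)" was blank. In the end, I was able to recreate the role through a combination of the "hello world data pipeline template" setup and/or manual steps (with the instance ARN present).

Even with the role set to: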

{
    "Statement": [
        {
            "Action": [
                "*"
            ],
            "Effect": "Allow",
            "Resource": [
                "*"
            ]
        }
    ]
}

it doesn't work.

What am I doing wrong?

Answer

0

OK, the problem was with other objects in the pipeline definition that reference S3 paths, not with the role or the EC2_Box_TaskRunner box.
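
Because the answer places the problem in S3 paths on other pipeline objects rather than in the role, here is an added example (not part of the original post) that lists every s3:// value in a pipeline definition by object id and groups the objects by bucket, so the path behind the validation error can be located. The sample definition, its bucket names and the function names are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample pipeline definition (not from the original post).
SAMPLE_DEFINITION = json.loads("""
{"objects": [
  {"id": "Default", "name": "Default", "role": "DataPipelineDefaultRole",
   "pipelineLogUri": "s3://example-staging-logs/pipeline/"},
  {"id": "EC2_Box_TaskRunner", "type": "Ec2Resource", "instanceType": "t1.micro"},
  {"id": "InputData", "type": "S3DataNode",
   "directoryPath": "s3://example-prod-data/input/"},
  {"id": "CopyStep", "type": "ShellCommandActivity",
   "runsOn": {"ref": "EC2_Box_TaskRunner"},
   "scriptUri": "s3://example-prod-data/scripts/run.sh"}
]}
""")

def _walk(value):
    """Yield every string found in a field value, including nested lists/dicts."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, list):
        for item in value:
            yield from _walk(item)
    elif isinstance(value, dict):
        for item in value.values():
            yield from _walk(item)

def s3_references(definition):
    """Return {object id: [(field, bucket, key), ...]} for every s3:// value."""
    found = defaultdict(list)
    for obj in definition.get("objects", []):
        for field, value in obj.items():
            for text in _walk(value):
                if text.startswith("s3://"):
                    url = urlparse(text)
                    found[obj.get("id", "<no id>")].append(
                        (field, url.netloc, url.path.lstrip("/")))
    return dict(found)

def buckets_by_object(definition):
    """Group object ids by the bucket they reference."""
    buckets = defaultdict(set)
    for obj_id, refs in s3_references(definition).items():
        for _field, bucket, _key in refs:
            buckets[bucket].add(obj_id)
    return {bucket: sorted(ids) for bucket, ids in buckets.items()}

if __name__ == "__main__":
    for bucket, ids in sorted(buckets_by_object(SAMPLE_DEFINITION).items()):
        print(f"{bucket}: referenced by {', '.join(ids)}")
```

Any bucket in the output that belongs to the other account (production vs. staging) points to the object whose path still needs updating.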