无法创建与我有创造cloudformation.But IAM政策问题cloudformation

Question

只有IAM政策，我得到的组，角色，用户需要的错误：

这里是我的代码：

{ 
"AWSTemplateFormatVersion": "2010-09-09", 
"Description": "AWS CloudFormation Template IAM Groups and Policies", 
"Resources": { 
    "PolicyAutoScalingLimitedOperation": { 
     "Type": "AWS::IAM::Policy", 
     "Properties": { 
      "PolicyName": "AutoScaling-Limited-Operation", 
      "PolicyDocument": { 
       "Statement": [{ 
         "Effect": "Allow", 
         "Action": [ 
          "dynamodb:*" 
         ], 
         "Resource": "*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "cloudwatch:PutMetricData" 
         ], 
         "Resource": "*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "xray:PutTraceSegments", 
          "xray:PutTelemetryRecords" 
         ], 
         "Resource": "*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "s3:Get*", 
          "s3:List*", 
          "s3:PutObject" 
         ], 
         "Resource": "*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "logs:PutLogEvents", 
          "logs:CreateLogStream" 
         ], 
         "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" 
        }, 
        { 
         "Effect": "Allow", 
         "Action": [ 
          "kms:ListAliases", 
          "kms:ListKeys", 
          "kms:Encrypt", 
          "kms:Decrypt" 
         ], 
         "Resource": "*" 
        } 
       ] 
      } 
     } 
    } 
} 

}

现在，当我运行它，我得到：

At least one of [Groups,Roles,Users] must be non-empty. 

是否牛逼意思是我不能在不添加用户/角色的情况下使用cloudformation创建策略？

Answer 1

如果您只想要独立策略，您可能需要创建一个AWS::IAM::ManagedPolicy。

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html