When you get stuck on permission errors in CloudFormation


What hurts

  • When creating resources with CloudFormation, it is painful to hit errors like the following (just tell me which Action is missing!)

What saved me

Description
Returns detailed information about an extension that has been registered.
If you specify a VersionId, DescribeType returns information about that specific extension version. Otherwise, it returns information about the default extension version.

Usage: aws cloudformation describe-type. The Schema it returns contains a handlers block that lists, per operation (create/read/update/delete/list), the IAM actions the resource type needs.

Command

$ aws cloudformation describe-type --type RESOURCE --type-name AWS::NetworkFirewall::Firewall --query Schema --output text | jq .handlers

Output

{
  "create": {
    "permissions": [
      "ec2:CreateVpcEndpoint",
      "ec2:DescribeVpcEndpoints",
      "ec2:DescribeSubnets",
      "ec2:DescribeVpcs",
      "network-firewall:CreateFirewall",
      "network-firewall:DescribeFirewallPolicy",
      "network-firewall:DescribeRuleGroup",
      "network-firewall:TagResource"
    ]
  },
  "read": {
    "permissions": [
      "network-firewall:DescribeFirewall",
      "network-firewall:ListTagsForResources"
    ]
  },
  "update": {
    "permissions": [
      "network-firewall:AssociateSubnets",
      "network-firewall:DisassociateSubnets",
      "network-firewall:UpdateFirewallDescription",
      "network-firewall:UpdateFirewallDeleteProtection",
      "network-firewall:UpdateSubnetChangeProtection",
      "network-firewall:UpdateFirewallPolicyChangeProtection",
      "network-firewall:AssociateFirewallPolicy",
      "network-firewall:TagResource",
      "network-firewall:UntagResource",
      "network-firewall:DescribeFirewall"
    ]
  },
  "delete": {
    "permissions": [
      "ec2:DeleteVpcEndpoints",
      "logs:DescribeLogGroups",
      "logs:DescribeResourcePolicies",
      "logs:GetLogDelivery",
      "logs:ListLogDeliveries",
      "network-firewall:DeleteFirewall",
      "network-firewall:UntagResource"
    ]
  },
  "list": {
    "permissions": [
      "network-firewall:ListFirewalls"
    ]
  }
}
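The handlers block above is the raw material for a least-privilege policy on the CloudFormation service role or deploying principal. The following is an added example, not code from the original post or from AWS: it parses the schema text that describe-type returns and builds an IAM policy from the union of handler permissions, optionally restricted to a subset of handlers (for example read and list for a role that only needs to describe the stack's resources). The sample schema embedded below is constructed from the handler block shown in the post so the script runs offline; fetch_schema() wraps the same describe-type command as the post and is the only part that needs AWS credentials. The function names, SAMPLE_SCHEMA_TEXT and the policy Sid are assumptions of this example.

```python
"""Build a least-privilege IAM policy from a CloudFormation resource type schema.

Added example (not from the original post). Only the "handlers" section of the
schema is used; real schemas carry many more keys (properties, primaryIdentifier...).
"""
import json
import subprocess
from typing import Dict, Iterable, List, Optional

# Constructed sample: the handlers block from the post, wrapped in a minimal envelope.
SAMPLE_SCHEMA_TEXT = json.dumps({
    "typeName": "AWS::NetworkFirewall::Firewall",
    "handlers": {
        "create": {"permissions": [
            "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DescribeSubnets",
            "ec2:DescribeVpcs", "network-firewall:CreateFirewall",
            "network-firewall:DescribeFirewallPolicy", "network-firewall:DescribeRuleGroup",
            "network-firewall:TagResource"]},
        "read": {"permissions": [
            "network-firewall:DescribeFirewall", "network-firewall:ListTagsForResources"]},
        "update": {"permissions": [
            "network-firewall:AssociateSubnets", "network-firewall:DisassociateSubnets",
            "network-firewall:UpdateFirewallDescription",
            "network-firewall:UpdateFirewallDeleteProtection",
            "network-firewall:UpdateSubnetChangeProtection",
            "network-firewall:UpdateFirewallPolicyChangeProtection",
            "network-firewall:AssociateFirewallPolicy", "network-firewall:TagResource",
            "network-firewall:UntagResource", "network-firewall:DescribeFirewall"]},
        "delete": {"permissions": [
            "ec2:DeleteVpcEndpoints", "logs:DescribeLogGroups", "logs:DescribeResourcePolicies",
            "logs:GetLogDelivery", "logs:ListLogDeliveries", "network-firewall:DeleteFirewall",
            "network-firewall:UntagResource"]},
        "list": {"permissions": ["network-firewall:ListFirewalls"]},
    },
})


def fetch_schema(type_name: str) -> str:
    """Return the raw schema string for a registered resource type (needs AWS credentials).

    Same command as in the post: --query Schema --output text unwraps the Schema
    field, which describe-type otherwise returns as a JSON-encoded string.
    """
    return subprocess.run(
        ["aws", "cloudformation", "describe-type", "--type", "RESOURCE",
         "--type-name", type_name, "--query", "Schema", "--output", "text"],
        check=True, capture_output=True, text=True,
    ).stdout


def load_schema(schema_text: str) -> dict:
    """Parse schema text; also accepts the full describe-type JSON (Schema as a string)."""
    data = json.loads(schema_text)
    if isinstance(data, dict) and isinstance(data.get("Schema"), str):
        data = json.loads(data["Schema"])  # double-encoded when --output text is not used
    return data


def handler_permissions(schema: dict) -> Dict[str, List[str]]:
    """Map each handler (create/read/update/delete/list) to its sorted, de-duplicated actions."""
    return {
        name: sorted(set(spec.get("permissions", [])))
        for name, spec in schema.get("handlers", {}).items()
    }


def build_policy(schema: dict, handlers: Optional[Iterable[str]] = None) -> dict:
    """Return an IAM policy allowing the union of actions for the chosen handlers.

    handlers=None means every handler (a full create/update/delete stack role);
    pass e.g. ("read", "list") for a role that only needs to describe resources.
    Resource is "*" because the schema does not say which ARNs each action
    accepts; narrow it per service once the resource ARNs are known.
    """
    perms = handler_permissions(schema)
    wanted = list(perms) if handlers is None else list(handlers)
    unknown = [h for h in wanted if h not in perms]
    if unknown:
        raise ValueError(f"unknown handlers {unknown}; schema defines {sorted(perms)}")
    actions = sorted({action for h in wanted for action in perms[h]})
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CfnHandlerPermissions",
            "Effect": "Allow",
            "Action": actions,
            "Resource": "*",
        }],
    }


if __name__ == "__main__":
    schema = load_schema(SAMPLE_SCHEMA_TEXT)
    for handler, actions in handler_permissions(schema).items():
        print(f"{handler}: {len(actions)} actions")
    print(json.dumps(build_policy(schema), indent=2))
```

Swap SAMPLE_SCHEMA_TEXT for fetch_schema("AWS::NetworkFirewall::Firewall") to run it against the live registry. Diffing the generated policy against the role that produced the error is usually faster than reading the error message, and the per-handler split shows which actions a role never needs if it only reads or only deletes.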