AWS CloudFormation deployment error
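This continues from "Replacing a template project generated with express-generator with a TypeScript implementation | Going serverless on AWS".
When I tried to deploy with CloudFormation, I got an error.
It seems the error occurred because I had removed AdministratorAccess from the IAM user's permissions.
If I just attached AdministratorAccess, probably everything would work,
but as an AWS beginner I don't really know how this is normally managed.
The one thing I do know is that blindly granting strong permissions is not good...
Error
- aws cloudformation deploy fails with an error saying the GetTemplateSummary permission is missing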
#"setup": "npm i && (aws s3api get-bucket-location --bucket $npm_package_config_s3BucketName --region $npm_package_config_region || yarn create-bucket) && yarn package-deploy"
yarn setup
yarn run v1.6.0
$ npm i && (aws s3api get-bucket-location --bucket $npm_package_config_s3BucketName --region $npm_package_config_region || yarn create-bucket) && yarn package-deploy
up to date in 1.469s
{
"LocationConstraint": "ap-northeast-1"
}
$ yarn package && yarn deploy
$ aws cloudformation package --template ./cloudformation.yaml --s3-bucket $npm_package_config_s3BucketName --output-template packaged-sam.yaml --region $npm_package_config_region
Uploading to df1d86f794bdfa35e787d3f7414afdc4 16890828 / 16890828.0 (100.00%)
Successfully packaged artifacts and wrote output template to file packaged-sam.yaml.
Execute the following command to deploy the packaged template
aws cloudformation deploy --template-file /Users/uwettie/works/todo/packaged-sam.yaml --stack-name <YOUR STACK NAME>
$ aws cloudformation deploy --template-file packaged-sam.yaml --stack-name $npm_package_config_cloudFormationStackName --capabilities CAPABILITY_IAM --region $npm_package_config_region
An error occurred (AccessDenied) when calling the GetTemplateSummary operation: User: arn:aws:iam::[Accesskey]:user/[user] is not authorized to perform: cloudformation:GetTemplateSummary
error Command failed with exit code 255.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
Fix
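I have no idea whether this is the proper fix, but it worked with this.
- Added a permission that allows all cloudformation operations
- A permission error also came up when creating LambdaExecutionRole from cloudformation.yaml, so I added only the IAM role permissions that were needed
Policy name: AWSCloudFormationDeployer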
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "iam:DeleteRolePolicy",
        "iam:CreateRole",
        "iam:DeleteRole",
        "iam:PutRolePolicy"
      ],
      "Resource": "arn:aws:iam::*:role/*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "cloudformation:*",
      "Resource": "*"
    }
  ]
}
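An added example, not part of the original post: a small Python check that flags the two broad grants in the policy above (role-changing IAM actions on `role/*`, and `cloudformation:*`) next to a constructed narrower variant that passes the same check. The account ID `111122223333`, the `todo-stack-` role-name prefix, the CloudFormation action list in `SCOPED_POLICY` and all helper names are assumptions; the narrower variant is not verified to be sufficient for this project's deploy.

```python
import json
from fnmatch import fnmatchcase

# IAM actions that create a role or change what a role may do.
ROLE_GRANTING = ["iam:AttachRolePolicy", "iam:CreateRole",
                 "iam:PutRolePolicy", "iam:UpdateAssumeRolePolicy"]

# The policy from this page, embedded so the check runs offline.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "VisualEditor0", "Effect": "Allow",
   "Action": ["iam:DeleteRolePolicy", "iam:CreateRole",
              "iam:DeleteRole", "iam:PutRolePolicy"],
   "Resource": "arn:aws:iam::*:role/*"},
  {"Sid": "VisualEditor1", "Effect": "Allow",
   "Action": "cloudformation:*", "Resource": "*"}]}""")

# Constructed narrower variant: the account ID, role-name prefix and
# CloudFormation action list are assumptions, not values from the page.
SCOPED_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "StackRoles", "Effect": "Allow",
   "Action": ["iam:DeleteRolePolicy", "iam:CreateRole",
              "iam:DeleteRole", "iam:PutRolePolicy"],
   "Resource": "arn:aws:iam::111122223333:role/todo-stack-*"},
  {"Sid": "Deploy", "Effect": "Allow", "Resource": "*",
   "Action": ["cloudformation:GetTemplateSummary", "cloudformation:CreateChangeSet",
              "cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet"]}]}""")

def as_list(value):
    """Action, Resource and Statement may each be one item or a list."""
    return list(value) if isinstance(value, list) else [value]

def audit(policy):
    """Return (Sid, finding) pairs for over-broad Allow statements."""
    findings = []
    allows = [s for s in as_list(policy["Statement"]) if s.get("Effect") == "Allow"]
    for stmt in allows:
        sid = stmt.get("Sid", "(no Sid)")
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        resources = as_list(stmt.get("Resource", []))
        for a in actions:
            if a == "*" or a.endswith(":*"):
                findings.append((sid, "service-wide action " + a))
        hits = [g for g in ROLE_GRANTING
                if any(fnmatchcase(g.lower(), a) for a in actions)]
        if hits and any(r == "*" or r.endswith(":role/*") for r in resources):
            findings.append((sid, "applies to every role: " + ", ".join(hits)))
    return findings

if __name__ == "__main__":
    print(audit(PAGE_POLICY), audit(SCOPED_POLICY))
```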
The road to mastering AWS is a steep one...
Author And Source
Source for this post (AWS CloudFormation deployment error): https://qiita.com/uegaki-masaaki/items/b6a4b7ba961819ec0ce6
Author attribution: the original author's information is included in the original URL. Copyright belongs to the original author.