我正在尝试通过无服务器应用程序创建 cloudTrail。
CloudTrail:
Type: AWS::CloudTrail::Trail
Properties:
# CloudWatchLogsLogGroupArn: "String"
# CloudWatchLogsRoleArn: "String"
# EnableLogFileValidation: True
# EventSelectors:
# - EventSelector
# IncludeGlobalServiceEvents: True
IsLogging: True
# IsMultiRegionTrail: True
# KMSKeyId: String
S3BucketName: {"Ref" : "CloudTrailBucket"}
# S3KeyPrefix: String
# SnsTopicName: String
# Tags:
# - Tag
# TrailName: String
首先,我尝试单独创建 cloudTrail 并收到以下错误
CloudTrail - Incorrect S3 bucket policy is detected for bucket: ....
然后我添加了这个代码来创建一个策略
CloudTrailBucketPolicy:
# Version : 2012-10-17,
Type: AWS::S3::BucketPolicy
Properties:
PolicyDocument:
- Action:
- "s3:GetBucketAcl"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::CloudTrailBucket"] ] }
Principal: "*"
- Action:
- "s3:PutObject"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::CloudTrailBucket", "/*" ] ] }
Principal:
Service: cloudtrail.amazonaws.com
但是得到这个错误。
An error occurred: CloudTrailBucketPolicy - Value of property PolicyDocument must be an object.
你忘了Statement:
CloudTrailBucketPolicy:
# Version : 2012-10-17,
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref CloudTrailBucket
PolicyDocument:
Statement:
- Action:
- "s3:GetBucketAcl"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::", !Ref CloudTrailBucket] ] }
Principal: "*"
- Action:
- "s3:PutObject"
Effect: Allow
Resource: { "Fn::Join": ["", ["arn:aws:s3:::", !Ref CloudTrailBucket, "/*" ] ] }
Principal:
Service: cloudtrail.amazonaws.com
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句