
IdentityPoolRoleAttachment resource cannot be updated


I use the following CloudFormation template to create a stack

Resources:
    MyIdentityPool:
      Type: AWS::Cognito::IdentityPool
      Properties:
        AllowUnauthenticatedIdentities: 'true'

    CognitoRole:
      Type: 'AWS::IAM::Role'
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Federated:
                  - 'cognito-identity.amazonaws.com'
              Action: sts:AssumeRoleWithWebIdentity
              Condition:
                StringEquals:
                  cognito-identity.amazonaws.com:aud:
                    Ref: MyIdentityPool
                ForAnyValue:StringLike:
                  cognito-identity.amazonaws.com:amr:
                    - 'authenticated'

    CognitoRole2:
      Type: 'AWS::IAM::Role'
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Federated:
                  - 'cognito-identity.amazonaws.com'
              Action: sts:AssumeRoleWithWebIdentity
              Condition:
                StringEquals:
                  cognito-identity.amazonaws.com:aud:
                    Ref: MyIdentityPool
                ForAnyValue:StringLike:
                  cognito-identity.amazonaws.com:amr:
                    - 'unauthenticated'

    RoleAttachment:
      DependsOn: MyIdentityPool
      Type: 'AWS::Cognito::IdentityPoolRoleAttachment'
      Properties:
        IdentityPoolId:
          Ref: MyIdentityPool   # must be the logical ID of the pool declared above
        Roles:
          unauthenticated:
            Fn::GetAtt: [CognitoRole2, Arn]


    AccessPolicy:
      Type: 'AWS::IAM::Policy'
      Properties:
        ...
        Roles:
          - Ref: CognitoGeneralRole

The stack is created successfully, but when I update the stack by changing the IdentityPoolRoleAttachment to

    RoleAttachment:
      DependsOn: MyIdentityPool
      Type: 'AWS::Cognito::IdentityPoolRoleAttachment'
      Properties:
        IdentityPoolId:
          Ref: MyIdentityPool   # must be the logical ID of the pool declared above
        Roles:
          unauthenticated:
            Fn::GetAtt: [CognitoRole2, Arn]
          authenticated:
            Fn::GetAtt: [CognitoRole, Arn]

I get the error: AWS::Cognito::IdentityPoolRoleAttachment Resource cannot be updated.

What could be the cause?
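As an added example (not code from the question or the answer), a small Python pre-deployment check for the template above: it walks a JSON-style copy of the template, verifies that the attachment's IdentityPoolId and each Fn::GetAtt resolve to declared resources, and confirms that every attached role's trust policy pins cognito-identity.amazonaws.com:aud to the same pool it is attached to and its amr condition to the slot (authenticated or unauthenticated) it is attached in. The template dict is constructed from the question, assuming the IdentityPoolId reference was meant to be MyIdentityPool.

```python
AUD = "cognito-identity.amazonaws.com:aud"
AMR = "cognito-identity.amazonaws.com:amr"

def cognito_role(pool_ref, amr):  # trust policy shape from the question (constructed)
    return {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {
        "Version": "2012-10-17", "Statement": [{"Effect": "Allow",
        "Principal": {"Federated": ["cognito-identity.amazonaws.com"]},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": {
            "StringEquals": {AUD: {"Ref": pool_ref}},
            "ForAnyValue:StringLike": {AMR: [amr]}}}]}}}

# Constructed JSON-style equivalent of the updated template; MyIdentityPool is assumed.
TEMPLATE = {"Resources": {
    "MyIdentityPool": {"Type": "AWS::Cognito::IdentityPool",
                       "Properties": {"AllowUnauthenticatedIdentities": "true"}},
    "CognitoRole": cognito_role("MyIdentityPool", "authenticated"),
    "CognitoRole2": cognito_role("MyIdentityPool", "unauthenticated"),
    "RoleAttachment": {"Type": "AWS::Cognito::IdentityPoolRoleAttachment",
        "Properties": {"IdentityPoolId": {"Ref": "MyIdentityPool"},
            "Roles": {"authenticated": {"Fn::GetAtt": ["CognitoRole", "Arn"]},
                      "unauthenticated": {"Fn::GetAtt": "CognitoRole2.Arn"}}}}}}

def check_attachments(template):
    """Findings for attachments whose roles are not pinned to that pool (aud) and slot (amr)."""
    resources, findings = template["Resources"], []
    for name, res in resources.items():
        if res.get("Type") != "AWS::Cognito::IdentityPoolRoleAttachment":
            continue
        props = res["Properties"]
        pool = props["IdentityPoolId"].get("Ref")
        if pool not in resources:  # the dangling Ref from the question would land here
            findings.append(f"{name}: IdentityPoolId refers to undeclared resource {pool}")
            continue
        for kind, arn in props.get("Roles", {}).items():
            ga = arn["Fn::GetAtt"]  # accept both ["Role", "Arn"] and "Role.Arn"
            role_name = ga[0] if isinstance(ga, list) else ga.split(".")[0]
            if role_name not in resources:
                findings.append(f"{name}: role {role_name} is not declared")
                continue
            doc = resources[role_name]["Properties"]["AssumeRolePolicyDocument"]
            for stmt in doc["Statement"]:
                cond = stmt.get("Condition", {})
                aud = cond.get("StringEquals", {}).get(AUD, {}).get("Ref")
                amr = cond.get("ForAnyValue:StringLike", {}).get(AMR, [])
                amr = [amr] if isinstance(amr, str) else amr
                if aud != pool:
                    findings.append(f"{name}: {role_name} trusts pool {aud} but is attached to {pool}")
                if kind not in amr:
                    findings.append(f"{name}: {role_name} attached as {kind} but its amr condition allows {amr}")
    return findings
```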

1 answer


    Answering my own question.

    According to their support, the root cause is that CloudFormation does not support modifying the role attachment.
