Error: IAM role ARN value is invalid or does not contain the required SQLSERVER_AUDIT permissions | CloudFormation

Hi everyone,

When I try to run the template below, I get an error saying the IAM role ARN is invalid. The IAM role that triggers the error is the one used in the option group for the audit log. In the Parameters section it is referred to as

IAMRoleARN:
    Description: Arn of IAM role used for audit log
    Type: String  

Option group configuration:
myOptionGroup:
    Type: "AWS::RDS::OptionGroup"
    Properties:
      EngineName: sqlserver-ex
      MajorEngineVersion: "15.00"
      OptionGroupDescription: option group for the rds
      OptionConfigurations:
        -
          OptionName: SQLSERVER_AUDIT
          OptionSettings:
             -  Name: S3_BUCKET_ARN
                Value: !Ref 'S3BucketARN'
             -  Name: IAM_ROLE_ARN
                Value: Ref 'IAMRoleARN'


https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.html#Appendix.SQLServer.Options[%E2%80%A6]ateAuditsAndSpecifications

The full CloudFormation template (CFT) is as follows:

Parameters:
  DBUser:
    NoEcho: 'false'
    Description: The database admin account username
    Type: String
    MinLength: '1'
    MaxLength: '16'
  DBPassword:
    NoEcho: 'true'
    Description: The database admin account password
    Type: String
    MinLength: '8'
    MaxLength: '41'
  DBInstanceClass:
    Description: Instance class for RDS
    Type: String
    MinLength: '1'
    MaxLength: '16'
  AllocatedStorage:
    Description: Required storage
    Type: Number
  Engine:
    Description: DB Engine
    Type: String
    MinLength: '1'
    MaxLength: '16'
  EngineVersion:
    Description: RDS version
    Type: String
  BackupRetentionPeriod:
    Description: RDS retention period
    Type: String
  DBInstanceIdentifier:
    Description: DB identifier
    Type: String
  EnablePerformanceInsights:
    Description: Enable or Disable performance insight
    Type: String
  MultiAZ:
    Description: Enable or disable multi AZ
    Type: String
  PreferredBackupWindow:
    Description: Backup window
    Type: String
  PreferredMaintenanceWindow:
    Description: Maintenance window
    Type: String
  VPCSecurityGroups:
    Description: SG for RDS
    Type: String
  SubnetID1:
    Description: Subnets for the RDS in subnet group
    Type: String
  SubnetID2:
    Description: Subnets for the RDS in subnet group
    Type: String
  MaxAllocatedStorage:
    Description: Scales database to a specific threshold
    Type: Number
    Default: 1000
  MonitoringRoleArn:
    Description: RDS Monitoring Role
    Type: String
  BucketName:
    Description: Name of S3 bucket for audit log
    Type: String
  S3BucketARN:
    Description: Arn of S3 bucket used for audit log
    Type: String
  IAMRoleARN:
    Description: Arn of IAM role used for audit log
    Type: String    
Resources:
  MyDB:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: !Ref 'AllocatedStorage'
      DBInstanceClass: !Ref 'DBInstanceClass'
      Engine: !Ref 'Engine'
      EngineVersion: !Ref 'EngineVersion'
      LicenseModel: license-included
      BackupRetentionPeriod: !Ref 'BackupRetentionPeriod'
      DBInstanceIdentifier: !Ref 'DBInstanceIdentifier'
      DBSubnetGroupName: !Ref 'MYSubnetGroup'
      EnableCloudwatchLogsExports: 
         - error
      EnablePerformanceInsights: !Ref 'EnablePerformanceInsights'
      MultiAZ: !Ref 'MultiAZ'
      OptionGroupName: !Ref 'myOptionGroup'
      PreferredBackupWindow: !Ref 'PreferredBackupWindow'
      PreferredMaintenanceWindow: !Ref 'PreferredMaintenanceWindow'
      PubliclyAccessible: False
      StorageType: gp2
      MaxAllocatedStorage: !Ref 'MaxAllocatedStorage'
      MonitoringInterval: 60
      MonitoringRoleArn: !Ref 'MonitoringRoleArn'
      VPCSecurityGroups: 
        - !Ref 'VPCSecurityGroups'
      MasterUsername: !Ref 'DBUser'
      MasterUserPassword: !Ref 'DBPassword'
      DBParameterGroupName: !Ref 'MyRDSParamGroup'
      DeletionProtection: False
      AutoMinorVersionUpgrade: False
      CopyTagsToSnapshot: True
  MyRDSParamGroup:
    Type: AWS::RDS::DBParameterGroup
    Properties:
      Family: sqlserver-ex-15.0
      Description: CloudFormation Sample Database Parameter Group
      Parameters:
        rds.force_ssl: '1'
  myOptionGroup: 
    Type: "AWS::RDS::OptionGroup"
    Properties: 
      EngineName: sqlserver-ex
      MajorEngineVersion: "15.00"
      OptionGroupDescription: option group for the rds
      OptionConfigurations: 
        - 
          OptionName: SQLSERVER_AUDIT
          OptionSettings: 
             -  Name: S3_BUCKET_ARN
                Value: !Ref 'S3BucketARN'
             -  Name: IAM_ROLE_ARN
                Value: Ref 'IAMRoleARN'        
  MYSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties: 
      DBSubnetGroupDescription: subnet group for the rds
      SubnetIds: 
        - !Ref 'SubnetID1'
        - !Ref 'SubnetID2'
1 Answer

I don't know what error you got, but it should not be "Value: Ref 'IAMRoleARN'"; it should be "Value: !Ref 'IAMRoleARN'".

"Ref" may have been written incorrectly.

The following is correct.

myOptionGroup:
  Type: "AWS::RDS::OptionGroup"
  Properties:
    EngineName: sqlserver-ex
    MajorEngineVersion: "15.00"
    OptionGroupDescription: option group for the rds
    OptionConfigurations:
      -
        OptionName: SQLSERVER_AUDIT
        OptionSettings:
          -
            Name: S3_BUCKET_ARN
            Value: !Ref 'S3BucketARN'
          -
            Name: IAM_ROLE_ARN
            Value: !Ref 'IAMRoleARN'
EXPERT
answered 8 months ago
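As an added pre-deployment check (not code from the question, the answer, or AWS), the following Python scans a template for intrinsic functions written without the leading `!`, which CloudFormation passes through to RDS as literal strings such as `Ref 'IAMRoleARN'`, and validates that a resolved IAM role ARN parameter value has the expected shape before the stack is created. The template excerpt and the sample ARNs are constructed for the example.

```python
import re

# Constructed excerpt of the OptionSettings block from the question's template
# (only the lines needed to show the bug; not the full file).
SAMPLE_TEMPLATE = """\
      OptionSettings:
         -  Name: S3_BUCKET_ARN
            Value: !Ref 'S3BucketARN'
         -  Name: IAM_ROLE_ARN
            Value: Ref 'IAMRoleARN'
"""

# Short-form intrinsic functions. Without the leading "!" the value is a plain YAML
# string and CloudFormation never resolves it.
INTRINSICS = {"Ref", "GetAtt", "Sub", "Join", "Select", "ImportValue", "FindInMap", "If"}

# IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<path-and-name>
IAM_ROLE_ARN = re.compile(r"^arn:aws(?:-[a-z]+)?:iam::\d{12}:role/[\w+=,.@/-]+$")


def find_bare_intrinsics(template_text):
    """Return (line_number, stripped_line) for every 'Key: Ref ...' style value
    whose first token is an intrinsic name missing its '!'. Heuristic: it looks at
    the first word after the key, so free-text descriptions starting with one of
    these words would also be reported."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        body = line.lstrip()
        if body.startswith("- "):          # list item carrying a mapping, e.g. "-  Name: ..."
            body = body[2:].lstrip()
        key, sep, value = body.partition(":")
        if not sep or not value.strip():
            continue                        # mapping header or empty value
        first = value.strip().split()[0]
        if first in INTRINSICS:             # would be "!Ref" if written correctly
            findings.append((lineno, line.strip()))
    return findings


def is_iam_role_arn(value):
    """True only if the resolved parameter value is shaped like an IAM role ARN."""
    return bool(IAM_ROLE_ARN.match(value))


if __name__ == "__main__":
    for lineno, text in find_bare_intrinsics(SAMPLE_TEMPLATE):
        print(f"line {lineno}: missing '!' on intrinsic -> {text}")
    # Constructed sample value for the IAMRoleARN parameter
    print(is_iam_role_arn("arn:aws:iam::123456789012:role/rds-sqlserver-audit"))
```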
