1 Answer
Hi there,
What is the error you are getting when the stack fails? One issue I see is that you are specifying {AWS::Region} in your ManagedPolicyArns. Managed policies don't have a region in their ARNs, as IAM is a global service. Please make sure you copy the ARN from the IAM policy. Example: arn:aws:iam::aws:policy/ReadOnlyAccess
I tested using this template and the SSM parameter, and it works:
{
  "Resources": {
    "Role": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "RoleName": "{{resolve:ssm:Rolename:1}}",
        "MaxSessionDuration": 3600,
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/ReadOnlyAccess"
        ],
        "Path": "/"
      }
    }
  }
}
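A pre-deployment check for the mistake the answer above points out, added here as an example and not part of the original answer: it walks a CloudFormation template and reports every `ManagedPolicyArns` entry whose IAM ARN has a non-empty region field, whether written literally or through `Fn::Sub`. The names `arn_text`, `find_regional_policy_arns` and `SAMPLE_TEMPLATE` are hypothetical, and the sample template is constructed.

```python
import json
import re

# Constructed sample template (not from the thread): one correct ARN, one with a
# literal region, and one built with Fn::Sub that substitutes ${AWS::Region}.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "GoodRole": {"Type": "AWS::IAM::Role", "Properties": {"ManagedPolicyArns": [
    "arn:aws:iam::aws:policy/ReadOnlyAccess"]}},
  "BadRole": {"Type": "AWS::IAM::Role", "Properties": {"ManagedPolicyArns": [
    "arn:aws:iam:us-east-1:aws:policy/ReadOnlyAccess",
    {"Fn::Sub": "arn:aws:iam:${AWS::Region}:aws:policy/ReadOnlyAccess"}]}}
}}
""")

def arn_text(value):
    """Return the ARN string from a literal or an Fn::Sub (either form), else None."""
    if isinstance(value, dict) and "Fn::Sub" in value:
        value = value["Fn::Sub"]
        if isinstance(value, list) and value:
            value = value[0]
    return value if isinstance(value, str) else None

def find_regional_policy_arns(template):
    """List (logical_id, arn) pairs whose IAM ARN has a non-empty region field."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        arns = resource.get("Properties", {}).get("ManagedPolicyArns", [])
        for value in arns if isinstance(arns, list) else []:
            arn = arn_text(value)
            if arn is None:
                continue
            # Collapse ${...} placeholders so their inner colons don't split fields.
            fields = re.sub(r"\$\{[^}]*\}", "VAR", arn).split(":", 5)
            # Layout: arn:partition:service:region:account:resource
            if len(fields) == 6 and fields[2] == "iam" and fields[3] != "":
                findings.append((logical_id, arn))
    return findings

if __name__ == "__main__":
    for logical_id, arn in find_regional_policy_arns(SAMPLE_TEMPLATE):
        print(f"{logical_id}: region field must be empty in {arn}")
```

Entries that resolve only at deploy time (for example `Ref` to a parameter) are skipped, so those still need checking against the ARN shown in the IAM console.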