Error: IAM role ARN value is invalid or does not contain the required permissions for SQLSERVER_AUDIT | CloudFormation.


[The question below has been translated] Hi all,

When I try to run the template below, I get an error saying the IAM role ARN is invalid. The IAM role that triggers the error is the one used in the option group for the audit log. In the Parameters section it is declared as

IAMRoleARN:
    Description: Arn of IAM role used for audit log
    Type: String  

Option group configuration:

myOptionGroup:
    Type: "AWS::RDS::OptionGroup"
    Properties:
      EngineName: sqlserver-ex
      MajorEngineVersion: "15.00"
      OptionGroupDescription: option group for the rds
      OptionConfigurations:
        -
          OptionName: SQLSERVER_AUDIT
          OptionSettings:
             -  Name: S3_BUCKET_ARN
                Value: !Ref 'S3BucketARN'
             -  Name: IAM_ROLE_ARN
                Value: Ref 'IAMRoleARN'


https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.Audit.html#Appendix.SQLServer.Options[%E2%80%A6]ateAuditsAndSpecifications

The whole CFT is as follows:

Parameters:
  DBUser:
    NoEcho: 'false'
    Description: The database admin account username
    Type: String
    MinLength: '1'
    MaxLength: '16'
  DBPassword:
    NoEcho: 'true'
    Description: The database admin account password
    Type: String
    MinLength: '8'
    MaxLength: '41'
  DBInstanceClass:
    Description: Instance class for RDS
    Type: String
    MinLength: '1'
    MaxLength: '16'
  AllocatedStorage:
    Description: Required storage
    Type: Number
  Engine:
    Description: DB Engine
    Type: String
    MinLength: '1'
    MaxLength: '16'
  EngineVersion:
    Description: RDS version
    Type: String
  BackupRetentionPeriod:
    Description: RDS retention period
    Type: String
  DBInstanceIdentifier:
    Description: DB identifier
    Type: String
  EnablePerformanceInsights:
    Description: Enable or Disable performance insight
    Type: String
  MultiAZ:
    Description: Enable or disable multi AZ
    Type: String
  PreferredBackupWindow:
    Description: Backup window
    Type: String
  PreferredMaintenanceWindow:
    Description: Maintenance window
    Type: String
  VPCSecurityGroups:
    Description: SG for RDS
    Type: String
  SubnetID1:
    Description: Subnets for the RDS in subnet group
    Type: String
  SubnetID2:
    Description: Subnets for the RDS in subnet group
    Type: String
  MaxAllocatedStorage:
    Description: Scales database to a specific threshold
    Type: Number
    Default: 1000
  MonitoringRoleArn:
    Description: RDS Monitoring Role
    Type: String
  BucketName:
    Description: Name of S3 bucket for audit log
    Type: String
  S3BucketARN:
    Description: Arn of S3 bucket used for audit log
    Type: String
  IAMRoleARN:
    Description: Arn of IAM role used for audit log
    Type: String    
Resources:
  MyDB:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: !Ref 'AllocatedStorage'
      DBInstanceClass: !Ref 'DBInstanceClass'
      Engine: !Ref 'Engine'
      EngineVersion: !Ref 'EngineVersion'
      LicenseModel: license-included
      BackupRetentionPeriod: !Ref 'BackupRetentionPeriod'
      DBInstanceIdentifier: !Ref 'DBInstanceIdentifier'
      DBSubnetGroupName: !Ref 'MYSubnetGroup'
      EnableCloudwatchLogsExports: 
         - error
      EnablePerformanceInsights: !Ref 'EnablePerformanceInsights'
      MultiAZ: !Ref 'MultiAZ'
      OptionGroupName: !Ref 'myOptionGroup'
      PreferredBackupWindow: !Ref 'PreferredBackupWindow'
      PreferredMaintenanceWindow: !Ref 'PreferredMaintenanceWindow'
      PubliclyAccessible: False
      StorageType: gp2
      MaxAllocatedStorage: !Ref 'MaxAllocatedStorage'
      MonitoringInterval: 60
      MonitoringRoleArn: !Ref 'MonitoringRoleArn'
      VPCSecurityGroups: 
        - !Ref 'VPCSecurityGroups'
      MasterUsername: !Ref 'DBUser'
      MasterUserPassword: !Ref 'DBPassword'
      DBParameterGroupName: !Ref 'MyRDSParamGroup'
      DeletionProtection: False
      AutoMinorVersionUpgrade: False
      CopyTagsToSnapshot: True
  MyRDSParamGroup:
    Type: AWS::RDS::DBParameterGroup
    Properties:
      Family: sqlserver-ex-15.0
      Description: CloudFormation Sample Database Parameter Group
      Parameters:
        rds.force_ssl: '1'
  myOptionGroup: 
    Type: "AWS::RDS::OptionGroup"
    Properties: 
      EngineName: sqlserver-ex
      MajorEngineVersion: "15.00"
      OptionGroupDescription: option group for the rds
      OptionConfigurations: 
        - 
          OptionName: SQLSERVER_AUDIT
          OptionSettings: 
             -  Name: S3_BUCKET_ARN
                Value: !Ref 'S3BucketARN'
             -  Name: IAM_ROLE_ARN
                Value: Ref 'IAMRoleARN'        
  MYSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties: 
      DBSubnetGroupDescription: subnet group for the rds
      SubnetIds: 
        - !Ref 'SubnetID1'
        - !Ref 'SubnetID2'
1 answer

[The answer below has been translated] I don't know which error you got, but it should not be "Value: Ref 'IAMRoleARN'"; it should be "Value: !Ref 'IAMRoleARN'".

The "Ref" is probably written wrong.

The following is correct.

myOptionGroup:
  Type: "AWS::RDS::OptionGroup"
  Properties:
    EngineName: sqlserver-ex
    MajorEngineVersion: "15.00"
    OptionGroupDescription: option group for the rds
    OptionConfigurations:
      -
        OptionName: SQLSERVER_AUDIT
        OptionSettings:
          -
            Name: S3_BUCKET_ARN
            Value: !Ref 'S3BucketARN'
          -
            Name: IAM_ROLE_ARN
            Value: !Ref 'IAMRoleARN'
Expert
Answered 8 months ago
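Added example (not part of the original question or answer): the error message covers two separate failure modes, a malformed ARN value and a role that lacks the permissions RDS needs. Writing `Ref 'IAMRoleARN'` without the `!` sends the literal string `Ref 'IAMRoleARN'` to RDS as the role ARN, which is the first case. The second case is avoided by defining the audit role in the same template with only the S3 permissions listed in the RDS SQL Server audit documentation linked above, and passing its ARN with `!GetAtt` instead of a free-text parameter. The logical IDs `RdsAuditRole` and `myOptionGroup`, the parameter `AuditBucketName` and the key prefix `sqlaudit` are assumptions for this example; the bucket itself must already exist.

```yaml
# Added example, not from the original post: audit role + option group in one
# template. Assumed names: AuditBucketName (parameter), RdsAuditRole (role),
# sqlaudit (key prefix under which RDS writes the .sqlaudit files).
Parameters:
  AuditBucketName:
    Description: Name of the existing S3 bucket that receives SQL Server audit files
    Type: String

Resources:
  # Least-privilege role that RDS assumes to upload audit files to S3.
  # Only the RDS service principal may assume it.
  RdsAuditRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: rds.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: rds-sqlserver-audit-s3
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Bucket enumeration is required by the option, but nothing else
              # is granted account-wide.
              - Effect: Allow
                Action: s3:ListAllMyBuckets
                Resource: "*"
              # Bucket-level reads, scoped to the single audit bucket.
              - Effect: Allow
                Action:
                  - s3:GetBucketACL
                  - s3:GetBucketLocation
                Resource: !Sub "arn:aws:s3:::${AuditBucketName}"
              # Object writes, scoped to the audit prefix only; the role
              # cannot read or delete existing audit files.
              - Effect: Allow
                Action:
                  - s3:PutObject
                  - s3:ListMultipartUploadParts
                  - s3:AbortMultipartUpload
                Resource: !Sub "arn:aws:s3:::${AuditBucketName}/sqlaudit/*"

  myOptionGroup:
    Type: AWS::RDS::OptionGroup
    Properties:
      EngineName: sqlserver-ex
      MajorEngineVersion: "15.00"
      OptionGroupDescription: option group for the rds
      OptionConfigurations:
        - OptionName: SQLSERVER_AUDIT
          OptionSettings:
            # S3_BUCKET_ARN may carry a key prefix; it must match the prefix
            # the role's PutObject statement allows.
            - Name: S3_BUCKET_ARN
              Value: !Sub "arn:aws:s3:::${AuditBucketName}/sqlaudit"
            # !GetAtt resolves to the role's real ARN at deploy time and adds an
            # implicit dependency, so the role exists before the option group.
            # A bare "Ref 'X'" would be passed through as the literal string
            # Ref 'X', which RDS rejects as an invalid ARN.
            - Name: IAM_ROLE_ARN
              Value: !GetAtt RdsAuditRole.Arn
```

If the role has to stay a parameter (for example because it is managed by another team's stack), keep the `!Ref` and additionally constrain the parameter with an `AllowedPattern` such as `^arn:aws:iam::\d{12}:role/.+$`, so a mistyped value fails at template validation rather than inside the RDS API call.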
