问题描述
我正在尝试使用访问日志创建 S3 存储桶,这就是我在 yaml 中的云形成模板的样子
AccesslogBucket:
DeletionPolicy: Retain
Properties:
BucketEncryption:
AccessControl: LogDeliveryWrite
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
BucketName: accesslog-dub-bucket
VersioningConfiguration:
Status: Enabled
Type: AWS::S3::Bucket
MyusecaseS3bucket:
DeletionPolicy: Retain
DependsOn:
- AccesslogBucket
Properties:
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
BucketName: my-usecase-s3-bucket
LoggingConfiguration:
DestinationBucketName: accesslog-dub-bucket
LogFilePrefix: log-
VersioningConfiguration:
Status: Enabled
Type: AWS::S3::Bucket
但是 cloudformation 模板给了我异常 Encountered unsupported property AccessControl ,我看到我在正确的部分(即在 Accesslogbucket 的 Properties 部分)中声明了“AccessControl”,它是一个有效的 property ,所以我不确定我哪里出错了。有人可以指出我这里的问题以及如何纠正它。
解决方法
您将 AccessControl: LogDeliveryWrite 置于 BucketEncryption 之下,这是不正确的。它应该在 Properties 下。基本上仔细检查你的缩进:
AccesslogBucket:
DeletionPolicy: Retain
Properties:
AccessControl: LogDeliveryWrite
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256