AWS CloudFormation YAML gotcha

科技动态 2018-07-06 阅读原文

I just got stuck on a CloudFormation gotcha for an hour. I was trying to add an access policy to an SQS queue to allow SNS to post messages to it, but it gave this error:

An error occurred: myQueue – Invalid value for the parameter Policy. (Service: AmazonSQS; Status Code: 400; Error Code: InvalidAttributeValue).

The CloudFormation YAML for that queue was:

Type: AWS::SQS::QueuePolicy
Properties:
  Queues:
    - Ref: myQueue
  PolicyDocument:
    Id: QueuePolicy
    Version: 2012-10-17
    Statement:
      - Sid: sendMessagesToQueue
        Effect: Allow
        Principal:
          AWS: "*"
        Action:
         - sqs:SendMessage
        Resource: "*"
        Condition:
          ArnEquals:
            aws:SourceArn:
              Ref: myTopic

The problem with this policy is that YAML automatically parses anything that looks like an ISO-formatted date
, so when Serverless
converted my YAML CloudFormation to JSON to be uploaded, that “2012-10-17” date was transformed to:

"Version": "2012-10-17T00:00:00.000Z"

Whoops! Adding quotes around the date in the Version field fixes this problem:

Version: "2012-10-17"

责编内容by:Nicholas Sherlock 【阅读原文】。感谢您的支持!

您可能感兴趣的

Creating Custom Policies in MuleSoft MuleSoft provides certain built-in policies which can be referred to address general situations to filter unwanted traff...
renderer – a rendering package for Go #web #... Package renderer https://travis-ci.org/thedevsaddam/renderer https://github.com/thedevsaddam/renderer/releases https...
Brief YAML reference There is no official YAML reference guide. The YAML website only offers the YAML specification , which is a dense an...
記一次 AWS EKS troubleshooting 的歷程 千呼萬喚下,前陣子 AWS 版本的 Kubernetes 終於 GA 了,但其實真正玩過後,跟之前用 CoreOS 跑起來的 Kubernetes 有不少的差別,主要是因為 AWS 需要把 IAM 及 Network 部分和 Kub...
Everything You Need to Know About Monitoring Mixin... There are lots of great community-built dashboards available in the Grafana website , and we’ve made it easier tha...