I just got stuck on a CloudFormation gotcha for an hour. I was trying to add an access policy to an SQS queue to allow SNS to post messages to it, but it gave this error:
An error occurred: myQueue – Invalid value for the parameter Policy. (Service: AmazonSQS; Status Code: 400; Error Code: InvalidAttributeValue).
The CloudFormation YAML for that queue was:
Type: AWS::SQS::QueuePolicy Properties: Queues: - Ref: myQueue PolicyDocument: Id: QueuePolicy Version: 2012-10-17 Statement: - Sid: sendMessagesToQueue Effect: Allow Principal: AWS: "*" Action: - sqs:SendMessage Resource: "*" Condition: ArnEquals: aws:SourceArn: Ref: myTopic
The problem with this policy is that YAML automatically parses anything that looks like an ISO-formatted date
, so when Serverless
converted my YAML CloudFormation to JSON to be uploaded, that “2012-10-17” date was transformed to:
Whoops! Adding quotes around the date in the Version field fixes this problem: