Amazon CloudFormation: Serverless Framework error "policy statement must contain actions"
I have an IAM policy that I cannot deploy using the Serverless Framework. The error message is (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument;). The policy looks like this:
DtcServiceFunctionRole:
Type: AWS::IAM::Role
Properties:
Path: "/"
RoleName: DtcServiceFunctionRole
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: dtc-invoke-policy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- "lambda:InvokeFunction"
Resource:
- "arn:aws:lambda:us-east-1:xxxxxxxxxxxxx:function:NotificationServiceFunction"
- PolicyName: dtc-dynamodb-policy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- "dynamodb:BatchGetItem"
- "dynamodb:BatchWriteItem"
- "dynamodb:DeleteItem"
- "dynamodb:GetItem"
- "dynamodb:PutItem"
- "dynamodb:Query"
- "dynamodb:Scan"
- "dynamodb:UpdateItem"
Resource:
- "arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/VehicleDtcTable"
- "arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/DtcTable"
- Effect: Allow
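Any help pointing me in the right direction would be greatly appreciated. Thanks.

It looks like your YAML is indented incorrectly at the following location: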
Statement:
- Effect: Allow
Action:
- "dynamodb:BatchGetItem"
- "dynamodb:BatchWriteItem"
- "dynamodb:DeleteItem"
- "dynamodb:GetItem"
- "dynamodb:PutItem"
- "dynamodb:Query"
- "dynamodb:Scan"
- "dynamodb:UpdateItem"
It should be:
DtcServiceFunctionRole:
  Type: AWS::IAM::Role
  Properties:
    Path: "/"
    RoleName: DtcServiceFunctionRole
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action: sts:AssumeRole
    Policies:
      - PolicyName: dtc-invoke-policy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - "lambda:InvokeFunction"
              Resource:
                - "arn:aws:lambda:us-east-1:xxxxxxxxxxxxx:function:NotificationServiceFunction"
      - PolicyName: dtc-dynamodb-policy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - "dynamodb:BatchGetItem"
                - "dynamodb:BatchWriteItem"
                - "dynamodb:DeleteItem"
                - "dynamodb:GetItem"
                - "dynamodb:PutItem"
                - "dynamodb:Query"
                - "dynamodb:Scan"
                - "dynamodb:UpdateItem"
              Resource:
                - "arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/VehicleDtcTable"
                - "arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/DtcTable"
            - Effect: Allow
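
A pre-deployment check for this error, as an added example that is not part of the original question or answer. It assumes the template has already been parsed into a Python dict; `check_document`, `check_role` and the sample `ROLE` (a constructed illustration of how a statement parses when `Action` and `Resource` are indented too shallowly) are hypothetical names and data.

```python
# Added example: lint a parsed AWS::IAM::Role resource for statements that IAM
# rejects as MalformedPolicyDocument ("Policy statement must contain actions").

TRUST = [("Effect",), ("Principal", "NotPrincipal"), ("Action", "NotAction")]
INLINE = [("Effect",), ("Action", "NotAction"), ("Resource", "NotResource")]
DOC_KEYS = {"Version", "Id", "Statement"}

def check_document(where, doc, required):
    """Return findings for one policy document."""
    findings = []
    # Keys that slid out of a statement end up beside "Statement".
    for key in sorted(set(doc) - DOC_KEYS):
        findings.append(f"{where}: unexpected document key {key!r}")
    stmts = doc.get("Statement") or []
    if isinstance(stmts, dict):          # a single statement is allowed
        stmts = [stmts]
    for i, stmt in enumerate(stmts):
        if not isinstance(stmt, dict):
            findings.append(f"{where}.Statement[{i}]: not a mapping")
            continue
        for group in required:
            if not any(stmt.get(k) for k in group):
                findings.append(f"{where}.Statement[{i}]: missing {'/'.join(group)}")
    return findings

def check_role(role):
    """Check the trust policy and every inline policy of a role resource."""
    props = role.get("Properties", {})
    out = check_document("AssumeRolePolicyDocument",
                         props.get("AssumeRolePolicyDocument") or {}, TRUST)
    for p in props.get("Policies") or []:
        out += check_document(p.get("PolicyName", "?"),
                              p.get("PolicyDocument") or {}, INLINE)
    return out

# Constructed sample: how a role like the one above can parse when Action and
# Resource are indented one level too shallow (account ID is the page's placeholder).
ROLE = {"Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]},
         "Action": "sts:AssumeRole"}]},
    "Policies": [{"PolicyName": "dtc-dynamodb-policy", "PolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow"}],
        "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
        "Resource": ["arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/DtcTable"]}}]}}

if __name__ == "__main__":
    for line in check_role(ROLE):
        print(line)
```

A statement that carries only `Effect: Allow` is reported the same way, since it has neither an action nor a resource element.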