Amazon cloudformation 无服务器框架错误策略语句必须包含操作_Amazon Cloudformation_Serverless Framework_Serverless

Amazon cloudformation 无服务器框架错误策略语句必须包含操作

amazon-cloudformation

Amazon cloudformation 无服务器框架错误策略语句必须包含操作,amazon-cloudformation,serverless-framework,serverless,Amazon Cloudformation,Serverless Framework,Serverless,我有一个IAM策略，无法使用无服务器框架进行部署。错误消息为（服务：AmazonIdentityManagement；状态代码：400；错误代码：格式不正确的policyDocument；）。该策略如下所示： DtcServiceFunctionRole: Type: AWS::IAM::Role Properties: Path: "/" RoleName: DtcServiceFunctionRole AssumeRolePolicyDocument: Version:

我有一个IAM策略，无法使用无服务器框架进行部署。错误消息为（服务：AmazonIdentityManagement；状态代码：400；错误代码：格式不正确的policyDocument；）。该策略如下所示：

DtcServiceFunctionRole:
Type: AWS::IAM::Role
Properties:
  Path: "/"
  RoleName: DtcServiceFunctionRole
  AssumeRolePolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Effect: Allow
        Principal:
          Service:
            - lambda.amazonaws.com
        Action: sts:AssumeRole
  Policies:
    - PolicyName: dtc-invoke-policy
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - "lambda:InvokeFunction"
            Resource:
              - "arn:aws:lambda:us-east-1:xxxxxxxxxxxxx:function:NotificationServiceFunction"
    - PolicyName: dtc-dynamodb-policy
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
            - "dynamodb:BatchGetItem"
            - "dynamodb:BatchWriteItem"
            - "dynamodb:DeleteItem"
            - "dynamodb:GetItem"
            - "dynamodb:PutItem"
            - "dynamodb:Query"
            - "dynamodb:Scan"
            - "dynamodb:UpdateItem"
            Resource:
              - "arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/VehicleDtcTable"
              - "arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/DtcTable"
          - Effect: Allow

任何能为我指明正确方向的帮助都将不胜感激。谢谢。

看起来您的yaml在以下位置缩进不正确：

        Statement:
      - Effect: Allow
        Action:
        - "dynamodb:BatchGetItem"
        - "dynamodb:BatchWriteItem"
        - "dynamodb:DeleteItem"
        - "dynamodb:GetItem"
        - "dynamodb:PutItem"
        - "dynamodb:Query"
        - "dynamodb:Scan"
        - "dynamodb:UpdateItem"

应该是：

DtcServiceFunctionRole:
Type: AWS::IAM::Role
Properties:
  Path: "/"
  RoleName: DtcServiceFunctionRole
  AssumeRolePolicyDocument:
    Version: '2012-10-17'
    Statement:
      - Effect: Allow
        Principal:
          Service:
            - lambda.amazonaws.com
        Action: sts:AssumeRole
  Policies:
    - PolicyName: dtc-invoke-policy
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - "lambda:InvokeFunction"
            Resource:
              - "arn:aws:lambda:us-east-1:xxxxxxxxxxxxx:function:NotificationServiceFunction"
    - PolicyName: dtc-dynamodb-policy
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - "dynamodb:BatchGetItem"
              - "dynamodb:BatchWriteItem"
              - "dynamodb:DeleteItem"
              - "dynamodb:GetItem"
              - "dynamodb:PutItem"
              - "dynamodb:Query"
              - "dynamodb:Scan"
              - "dynamodb:UpdateItem"
            Resource:
              - "arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/VehicleDtcTable"
              - "arn:aws:dynamodb:us-east-1:xxxxxxxxxxxxx:table/DtcTable"
          - Effect: Allow