Amazon Web Services: How to debug a CloudFormation template? Syntax errors in policy. YAML file
The error I get when deploying the stack:
Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID:
Here is my role policy that causes the error:
  roleEc2:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - 'ec2.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Path: '/'
      Policies:
        -
          PolicyName: 'bucket-access'
          PolicyDocument:
            Version: '2012-10-17'
            Id: 'BucketPolicy'
            Statement:
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:GetObject
                  - s3:GetBucketLocation
                Resource:
                  - arn:aws:s3:::code-dir
                  - arn:aws:s3:::code-dir/*
                Principal: !Ref BucketPrincipal
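I don't know how to debug it, and I don't know how to work out where the error is or on which line.

(I know this is a year later, but still…) A good tool I like to use is cfn-lint: run it on your template and it will show you what you did wrong and on which line:

Problems in the code: the first four lines are missing, and an IAM policy cannot have a Principal (the last line).

The root level of the document is a mapping. The first key is indented two spaces, the second key is indented two spaces. This is invalid; they must all be indented by the same amount. If you remove the spaces before roleEc2 and assume the constructor for !Ref is available, this is valid YAML. See: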
---
AWSTemplateFormatVersion: '2010-09-09'
Description: AoD CloudFormation Template Detective Controls
Resources:
  roleEc2:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - 'ec2.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Path: '/'
      Policies:
        -
          PolicyName: 'bucket-access'
          PolicyDocument:
            Version: '2012-10-17'
            Id: 'BucketPolicy'
            Statement:
              - Effect: Allow
                Action:
                  - s3:ListBucket
                  - s3:GetObject
                  - s3:GetBucketLocation
                Resource:
                  - arn:aws:s3:::code-dir
                  - arn:aws:s3:::code-dir/*
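
Added example (not part of the original question or answers): a small standard-library Python check that reports the line number of any Principal or NotPrincipal key inside an inline Policies[].PolicyDocument, which is the mistake in the question's last line and the kind of "which line?" answer the MalformedPolicyDocument error does not give. It assumes block-style YAML; the function name and the reduced sample template are constructed for illustration.

```python
import re

# Constructed sample: the question's role, reduced, with the offending key last.
TEMPLATE = """\
Resources:
  roleEc2:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - 'ec2.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: 'bucket-access'
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - s3:ListBucket
                Resource:
                  - arn:aws:s3:::code-dir
                Principal: !Ref BucketPrincipal
"""

KEY = re.compile(r"^(\s*(?:-\s+)*)([A-Za-z]\w*):(?:\s|$)")  # key, after any "- "

def find_identity_policy_principals(text):
    """Return (line, key_path) for Principal keys in inline Policies[].PolicyDocument."""
    stack, findings = [], []  # stack: (column, key) of the enclosing keys
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY.match(line)
        if not m:
            continue  # list scalars, comments, blank lines
        column, key = len(m.group(1)), m.group(2)
        while stack and stack[-1][0] >= column:
            stack.pop()  # we have left that key's scope
        path = [k for _, k in stack]
        if key in ("Principal", "NotPrincipal") and {"Policies", "PolicyDocument"} <= set(path):
            findings.append((lineno, "/".join(path + [key])))
        stack.append((column, key))
    return findings

if __name__ == "__main__":
    for lineno, path in find_identity_policy_principals(TEMPLATE):
        print(f"line {lineno}: {path} is not allowed in an identity-based policy")
```

The Principal under AssumeRolePolicyDocument is deliberately not flagged: a trust policy is resource-based and requires it.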