Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 如何调试cloudformation模板?策略中的语法错误。YAML文件

Amazon web services 如何调试cloudformation模板?策略中的语法错误。YAML文件

amazon-web-services configuration amazon-cloudformation

Amazon web services 如何调试cloudformation模板?策略中的语法错误。YAML文件,amazon-web-services,configuration,amazon-cloudformation,amazon-iam,Amazon Web Services,Configuration,Amazon Cloudformation,Amazon Iam,部署堆栈时出现的错误: Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 这是导致错误的我的角色策略: roleEc2: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10

部署堆栈时出现的错误:

Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID:
这是导致错误的我的角色策略:

  roleEc2:
Type: AWS::IAM::Role
Properties:
  AssumeRolePolicyDocument:
    Version: "2012-10-17"
    Statement:
      -
        Effect: Allow
        Principal:
          Service:
            - 'ec2.amazonaws.com'
        Action:
            - 'sts:AssumeRole'
  Path: '/'
  Policies:
    -
      PolicyName: 'bucket-access'
      PolicyDocument:
        Version: '2012-10-17'
        Id: 'BucketPolicy'
        Statement:
        - Effect: Allow
          Action:
          - s3:ListBucket
          - s3:GetObject
          - s3:GetBucketLocation
          Resource:
          - arn:aws:s3:::code-dir
          - arn:aws:s3:::code-dir/*
          Principal: !Ref BucketPrincipal
我不知道如何调试它,我不知道如何理解哪里有错误,什么行号。

(我知道这是一年后的事,但仍然…)我喜欢使用的一个好工具是cfn lint:在模板上运行它,它将显示您在哪一行上做错了什么:

代码中的问题:没有前四行,IAM策略中不能有主体(最后一行)

文档的根级别是一个映射。第一个键缩进两个空格,第二个键缩进两个空格。这是无效的,它们都必须缩进相同的金额。如果删除
roleEc2
之前的空格,并假定
的构造函数!Ref
可用,这是有效的YAML。请参阅: 
---
AWSTemplateFormatVersion: '2010-09-09'
Description: AoD CloudFormation Template Detective Controls
Resources:
  roleEc2:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - 'ec2.amazonaws.com'
            Action:
                - 'sts:AssumeRole'
      Path: '/'
      Policies:
        -
          PolicyName: 'bucket-access'
          PolicyDocument:
            Version: '2012-10-17'
            Id: 'BucketPolicy'
            Statement:
            - Effect: Allow
              Action:
              - s3:ListBucket
              - s3:GetObject
              - s3:GetBucketLocation
              Resource:
              - arn:aws:s3:::code-dir
              - arn:aws:s3:::code-dir/*