Amazon Web Services: How to use Fn::Join in Serverless Framework YAML?
I have a policy in my serverless.yaml file, as shown below:
AppSyncDynamoDBPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Description: 'Managed policy'
    Path: /appsync/
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Action:
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:DeleteItem
            - dynamodb:UpdateItem
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:BatchGetItem
            - dynamodb:BatchWriteItem
          Resource:
            Fn::Join:
              - ""
              - - Fn::GetAtt: [dslvehicleState, Arn]
                - "*"
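After sls deploy completes, it throws an error, as shown below:

An error occurred: AppSyncDynamoDBPolicy - Syntax errors in policy.
(Service: AmazonIdentityManagement; Status Code: 400; Error Code:
MalformedPolicyDocument; Request ID:
166ba0b3-cc67-11e8-8f74-3339d857f829)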
What am I missing here?

Give it a try using the Ref method:
AppSyncDynamoDBPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Description: 'Managed policy'
    Path: /appsync/
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Action:
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:DeleteItem
            - dynamodb:UpdateItem
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:BatchGetItem
            - dynamodb:BatchWriteItem
          Resource:
            Fn::Join:
              - ""
              - - "Ref": "dslvehicleState"
                - "*"
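You can read more about the return values.

After checking and retrying, I found that “” should be used. After the replacement, the following setup works fine:

Version: '2012-10-17'
Action:
  - 'dynamodb:GetItem'
  - 'dynamodb:PutItem'
  - 'dynamodb:DeleteItem'
  - 'dynamodb:UpdateItem'
  - 'dynamodb:Query'
  - 'dynamodb:Scan'
  - 'dynamodb:BatchGetItem'
  - 'dynamodb:BatchWriteItem'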
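I think we can't use !GetAtt in the Serverless Framework. So this can't solve the problem: !GetAtt "dslvehicleState.Arn"

You can replace the Resource with
!Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${dslvehicleState}"
where "dslvehicleState" = the value assigned to TableName in the DynamoDB resource.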
AppSyncDynamoDBPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Description: 'Managed policy'
    Path: /appsync/
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Action:
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:DeleteItem
            - dynamodb:UpdateItem
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:BatchGetItem
            - dynamodb:BatchWriteItem
          Resource: !GetAtt "dslvehicleState.Arn"
AppSyncDynamoDBPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Description: 'Managed policy'
    Path: /appsync/
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action:
            - 'dynamodb:GetItem'
            - 'dynamodb:PutItem'
            - 'dynamodb:DeleteItem'
            - 'dynamodb:UpdateItem'
            - 'dynamodb:Query'
            - 'dynamodb:Scan'
            - 'dynamodb:BatchGetItem'
            - 'dynamodb:BatchWriteItem'
          Resource:
            Fn::Join:
              - ""
              - - Fn::GetAtt: [dslvehicleState, Arn]
                - "*"
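
The working template above quotes the policy Version; an unquoted 2012-10-17 is a plain scalar that YAML 1.1 parsers resolve to a date rather than the string IAM expects. The following pre-deploy check is an added example, not part of the original question or answers; the function name and the shortened sample templates are assumptions made for illustration.

```python
import re

# A plain (unquoted) YYYY-MM-DD scalar is resolved by YAML 1.1 parsers to a
# date/timestamp, not a string; IAM expects the literal string "2012-10-17".
DATE_SCALAR = re.compile(r"^\d{4}-\d{2}-\d{2}$")
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z]+)\s*:\s*(.*?)\s*(?:#.*)?$")


def find_unquoted_policy_versions(yaml_text):
    """Return [(line_number, value)] for unquoted date-like Version keys
    nested under a PolicyDocument key (hypothetical helper)."""
    findings = []
    policy_indent = None  # indentation of the enclosing PolicyDocument key
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        if policy_indent is not None and indent <= policy_indent:
            policy_indent = None  # dedented out of the PolicyDocument mapping
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == "PolicyDocument":
            policy_indent = indent
        elif key == "Version" and policy_indent is not None:
            if DATE_SCALAR.match(value):
                findings.append((number, value))
    return findings


# Shortened copies of the failing and working templates from this page.
FAILING = """\
AppSyncDynamoDBPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
"""
WORKING = FAILING.replace("2012-10-17", "'2012-10-17'")

if __name__ == "__main__":
    for name, text in (("failing", FAILING), ("working", WORKING)):
        print(name, find_unquoted_policy_versions(text))
```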