Amazon web services 如何让用户Fn:：加入无服务器框架YAML？_Amazon Web Services_Amazon Cloudformation_Amazon Iam_Serverless Framework

Amazon web services 如何让用户Fn:：加入无服务器框架YAML？

amazon-web-services amazon-cloudformation

Amazon web services 如何让用户Fn:：加入无服务器框架YAML？,amazon-web-services,amazon-cloudformation,amazon-iam,serverless-framework,Amazon Web Services,Amazon Cloudformation,Amazon Iam,Serverless Framework,我在Serverless.yaml文件中有一个策略，如下所述 AppSyncDynamoDBPolicy: Type: AWS::IAM::ManagedPolicy Properties: Description: 'Managed policy' Path: /appsync/ PolicyDocument: Version: 2012-10-17 Statement:

我在Serverless.yaml文件中有一个策略，如下所述

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy' 
        Path: /appsync/
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action: 
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:DeleteItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
                - dynamodb:BatchGetItem
                - dynamodb:BatchWriteItem
              Resource: 
                Fn::Join: 
                  - ""
                  - - Fn::GetAtt: [dslvehicleState, Arn]
                    - "*"

sls部署完成后，会抛出一个错误，如下所述

发生错误：AppSyncDynamoDBPolicy-策略中的语法错误。（服务：AmazonIdentityManagement；状态代码：400；错误代码：格式不正确的策略文档；请求ID: 166ba0b3-cc67-11e8-8f74-3339d857f829）

我在这里遗漏了什么？

尝试一下，使用

Ref

方法：

AppSyncDynamoDBPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Description: 'Managed policy' 
    Path: /appsync/
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Action: 
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:DeleteItem
            - dynamodb:UpdateItem
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:BatchGetItem
            - dynamodb:BatchWriteItem
          Resource: 
            Fn::Join: 
              - ""
              - - "Ref": "dslvehicleState"
                - "*"

您可以阅读有关返回值的更多信息。

检查并重试后，我发现应该使用“”

更换后，以下设置工作正常

版本：'2012-10-17' 行动： -“dynamodb:GetItem” -“dynamodb:PutItem” -“dynamodb:DeleteItem” -'dynamodb:UpdateItem' -“dynamodb:Query” -“dynamodb:扫描” -“dynamodb:BatchGetItem” -'dynamodb:BatchWriteItem'

我想我们不能使用！无服务器框架中的GetAtt。因此，这无法解决问题！GetAtt“dslvicelstate.Arn”您可以用替换资源<代码>！Sub“arn:aws:dynamodb:${aws:：Region}:${aws:：AccountId}:table/${dslviclestate}”其中“dslviclestate”=在dynamodb资源中指定给TableName的值。

AppSyncDynamoDBPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Description: 'Managed policy' 
    Path: /appsync/
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Action: 
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:DeleteItem
            - dynamodb:UpdateItem
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:BatchGetItem
            - dynamodb:BatchWriteItem
          Resource: !GetAtt "dslvehicleState.Arn"

AppSyncDynamoDBPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    Description: 'Managed policy' 
    Path: /appsync/
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action: 
            - 'dynamodb:GetItem'
            - 'dynamodb:PutItem'
            - 'dynamodb:DeleteItem'
            - 'dynamodb:UpdateItem'
            - 'dynamodb:Query'
            - 'dynamodb:Scan'
            - 'dynamodb:BatchGetItem'
            - 'dynamodb:BatchWriteItem'
          Resource: 
            Fn::Join: 
              - ""
              - - Fn::GetAtt: [dslvehicleState, Arn]
                - "*"