Value of property PolicyDocument must be an object with CloudFormation policy

I get the following error when I add 3 lines to my policy

Value of property PolicyDocument must be an object

(Lines with #JustAdded) If I remove those 3 lines it works great. What's wrong?

Policies:
    - PolicyName: !Sub 'X-${AWS::Region}'
      PolicyDocument:

        - Effect: Allow
          Action: 'ssm:GetParametersByPath'
          Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X'
        - Effect: Allow
          Action: 'ssm:GetParameters'
          Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X/*'
        - Effect: Allow
          Action: 's3:*'
          Resource: '*'
        - Effect: Allow
          Action:
            - secretsmanager:GetSecretValue
          Resource:
            - !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:C*'
        - Effect: Allow
          Action:
            - 'ec2:DescribeNetworkInterfaces'
            - 'ec2:CreateNetworkInterface'
            - 'ec2:DeleteNetworkInterface'
            - 'ec2:DescribeInstances'
            - 'ec2:AttachNetworkInterface'
          Resource: '*'
        - Effect: Allow
          Action: 'kms:Decrypt'
          Resource: '*'
        - Effect: Allow                                          #JustAdded
          Action: sqs:*                                          #JustAdded
          Resource: 'arn:aws:sqs:us-east-1:000000000000:Q.fifo'  #JustAdded
    RoleName: !Sub 'X-${AWS::Region}'
2 Answers

Hi There

I don't see a "Statement:" directive in your code under PolicyDocument. (reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html). Also Action: sqs* is not surrounded by single quotes like the others, which could be causing formatting issues.

AWS
EXPERT
Matt-B
answered a year ago

Hi there

In agreement with the above, please kindly add the "Statement:" directive and surround 'sqs:*' with single quotes as indicated below:

Policies:
  - PolicyName: !Sub 'X-${AWS::Region}'
    PolicyDocument:
      Statement:
        - Effect: Allow
          Action: 'ssm:GetParametersByPath'
          Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X'
        - Effect: Allow
          Action: 'ssm:GetParameters'
          Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X/*'
        - Effect: Allow
          Action: 's3:*'
          Resource: '*'
        - Effect: Allow
          Action:
            - secretsmanager:GetSecretValue
          Resource:
            - !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:C*'
        - Effect: Allow
          Action:
            - 'ec2:DescribeNetworkInterfaces'
            - 'ec2:CreateNetworkInterface'
            - 'ec2:DeleteNetworkInterface'
            - 'ec2:DescribeInstances'
            - 'ec2:AttachNetworkInterface'
          Resource: '*'
        - Effect: Allow
          Action: 'kms:Decrypt'
          Resource: '*'
        - Effect: Allow
          Action: 'sqs:*'
          Resource: 'arn:aws:sqs:us-east-1:000000000000:Q.fifo'
RoleName: !Sub 'X-${AWS::Region}'

TheLich
answered a year ago
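
A pre-deployment check for the shape error discussed in this thread, as an added example that is not part of either answer or of any AWS tool. It assumes the template has already been parsed into plain Python objects; the function name `check_policy_document` and the sample documents are constructed for illustration.

```python
# Added example (not from the thread): structural check for an IAM PolicyDocument.
# Assumption: the template is already parsed into plain Python objects, with
# intrinsic functions such as !Sub resolved to (or stood in for by) strings.

def check_policy_document(doc):
    """Return a list of structural problems; an empty list means the shape is valid."""
    if not isinstance(doc, dict):
        # The case from the question: statements listed directly under PolicyDocument.
        return [f"PolicyDocument must be an object, got {type(doc).__name__}"]
    if "Statement" not in doc:
        return ["PolicyDocument has no 'Statement' key"]
    statements = doc["Statement"]
    if isinstance(statements, dict):
        statements = [statements]  # a single statement object is also accepted
    if not isinstance(statements, list):
        return ["'Statement' must be a statement object or a list of them"]
    problems = []
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append(f"Statement[{i}] is not an object")
            continue
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"Statement[{i}]: Effect must be 'Allow' or 'Deny'")
        if "Action" not in stmt and "NotAction" not in stmt:
            problems.append(f"Statement[{i}]: missing Action/NotAction")
        if "Resource" not in stmt and "NotResource" not in stmt:
            problems.append(f"Statement[{i}]: missing Resource/NotResource")
    return problems

# Constructed samples mirroring the SQS statement from the question.
SQS_STATEMENT = {
    "Effect": "Allow",
    "Action": "sqs:*",
    "Resource": "arn:aws:sqs:us-east-1:000000000000:Q.fifo",
}
BROKEN = [SQS_STATEMENT]                # list directly under PolicyDocument
FIXED = {"Statement": [SQS_STATEMENT]}  # statements wrapped in Statement

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_policy_document(doc) or "OK")
```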
