Value of property PolicyDocument must be an object with CloudFormation policy

I get the following error when I add 3 lines to my policy

Value of property PolicyDocument must be an object

(Lines with #JustAdded) If I remove those 3 lines it works great. What's wrong?

Policies:
    - PolicyName: !Sub 'X-${AWS::Region}'
      PolicyDocument:

        - Effect: Allow
          Action: 'ssm:GetParametersByPath'
          Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X'
        - Effect: Allow
          Action: 'ssm:GetParameters'
          Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X/*'
        - Effect: Allow
          Action: 's3:*'
          Resource: '*'
        - Effect: Allow
          Action:
            - secretsmanager:GetSecretValue
          Resource:
            - !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:C*'
        - Effect: Allow
          Action:
            - 'ec2:DescribeNetworkInterfaces'
            - 'ec2:CreateNetworkInterface'
            - 'ec2:DeleteNetworkInterface'
            - 'ec2:DescribeInstances'
            - 'ec2:AttachNetworkInterface'
          Resource: '*'
        - Effect: Allow
          Action: 'kms:Decrypt'
          Resource: '*'
        - Effect: Allow                                                                         #JustAdded
          Action: sqs:*                                                                          #JustAdded
          Resource: 'arn:aws:sqs:us-east-1:000000000000:Q.fifo' #JustAdded
    RoleName: !Sub 'X-${AWS::Region}'

2 Answers

Hi There

I don't see a "Statement:" directive in your code under PolicyDocument (reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html). Also, Action: sqs* is not surrounded by single quotes like the others, which could be causing formatting issues.

Matt-B (AWS Expert)
answered a year ago

Hi there

In agreement with the above, please kindly add the "Statement:" directive and surround 'sqs:*' with single quotes as indicated below:

Policies:
    - PolicyName: !Sub 'X-${AWS::Region}'
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: 'ssm:GetParametersByPath'
            Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X'
          - Effect: Allow
            Action: 'ssm:GetParameters'
            Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X/*'
          - Effect: Allow
            Action: 's3:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - secretsmanager:GetSecretValue
            Resource:
              - !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:C*'
          - Effect: Allow
            Action:
              - 'ec2:DescribeNetworkInterfaces'
              - 'ec2:CreateNetworkInterface'
              - 'ec2:DeleteNetworkInterface'
              - 'ec2:DescribeInstances'
              - 'ec2:AttachNetworkInterface'
            Resource: '*'
          - Effect: Allow
            Action: 'kms:Decrypt'
            Resource: '*'
          - Effect: Allow
            Action: 'sqs:*'
            Resource: 'arn:aws:sqs:us-east-1:000000000000:Q.fifo'
RoleName: !Sub 'X-${AWS::Region}'

TheLich
answered a year ago
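
A pre-deploy check for the shape error discussed in this thread, as an added example that is not part of the original posts: it walks the JSON form of a template and reports inline role policies whose PolicyDocument is not an object with a Statement list. The template, the resource names BadRole and GoodRole, and the function names are constructed for illustration, and policy documents are assumed to be literals rather than intrinsic functions.

```python
import json

# Constructed sample: JSON form of a template with two roles. BadRole repeats
# the question's mistake (PolicyDocument is a list); GoodRole has Statement.
TEMPLATE = json.loads("""
{"Resources": {
  "BadRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "X", "PolicyDocument": [
      {"Effect": "Allow", "Action": "sqs:*",
       "Resource": "arn:aws:sqs:us-east-1:000000000000:Q.fifo"}]}]}},
  "GoodRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "X", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "sqs:*",
       "Resource": "arn:aws:sqs:us-east-1:000000000000:Q.fifo"}]}}]}}
}}
""")


def check_document(doc, where):
    """Return shape problems for one literal policy document (assumed helper)."""
    if not isinstance(doc, dict):
        return [f"{where}: PolicyDocument must be an object, got {type(doc).__name__}"]
    statements = doc.get("Statement")
    if statements is None:
        return [f"{where}: PolicyDocument has no Statement key"]
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    problems = []
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict) or stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{where}: Statement[{i}] needs Effect Allow or Deny")
        elif not ({"Action", "NotAction"} & stmt.keys()):
            problems.append(f"{where}: Statement[{i}] has no Action")
    return problems


def check_template(template):
    """Check inline policies on every AWS::IAM::Role in a parsed template."""
    problems = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        for n, pol in enumerate(res.get("Properties", {}).get("Policies", [])):
            problems += check_document(pol.get("PolicyDocument"), f"{name}.Policies[{n}]")
    return problems


if __name__ == "__main__":
    for line in check_template(TEMPLATE):
        print(line)
```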
