Value of property PolicyDocument must be an object with CloudFormation policy

0

I get the following error when I add 3 lines to my policy

Value of property PolicyDocument must be an object

(Lines with #JustAdded) If I remove those 3 lines it works great. What's wrong?

Policies:
    - PolicyName: !Sub 'X-${AWS::Region}'
      PolicyDocument:

        - Effect: Allow
          Action: 'ssm:GetParametersByPath'
          Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X'
        - Effect: Allow
          Action: 'ssm:GetParameters'
          Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X/*'
        - Effect: Allow
          Action: 's3:*'
          Resource: '*'
        - Effect: Allow
          Action:
            - secretsmanager:GetSecretValue
          Resource:
            - !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:C*'
        - Effect: Allow
          Action:
            - 'ec2:DescribeNetworkInterfaces'
            - 'ec2:CreateNetworkInterface'
            - 'ec2:DeleteNetworkInterface'
            - 'ec2:DescribeInstances'
            - 'ec2:AttachNetworkInterface'
          Resource: '*'
        - Effect: Allow
          Action: 'kms:Decrypt'
          Resource: '*'
        - Effect: Allow                                                                         #JustAdded
          Action: sqs:*                                                                          #JustAdded
          Resource: 'arn:aws:sqs:us-east-1:000000000000:Q.fifo' #JustAdded
    RoleName: !Sub 'X-${AWS::Region}'
2 Answers
0

Hi There

I don't see a "Statement:" directive in your code under PolicyDocument (reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html). Also, Action: sqs* is not surrounded by single quotes like the others, which could be causing formatting issues.

AWS EXPERT
Matt-B
answered a year ago
0

Hi there

In agreement with the above, please kindly add the "Statement:" directive and surround 'sqs:*' with single quotes as indicated below:

Policies:
    - PolicyName: !Sub 'X-${AWS::Region}'
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action: 'ssm:GetParametersByPath'
            Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X'
          - Effect: Allow
            Action: 'ssm:GetParameters'
            Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/X/*'
          - Effect: Allow
            Action: 's3:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - secretsmanager:GetSecretValue
            Resource:
              - !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:C*'
          - Effect: Allow
            Action:
              - 'ec2:DescribeNetworkInterfaces'
              - 'ec2:CreateNetworkInterface'
              - 'ec2:DeleteNetworkInterface'
              - 'ec2:DescribeInstances'
              - 'ec2:AttachNetworkInterface'
            Resource: '*'
          - Effect: Allow
            Action: 'kms:Decrypt'
            Resource: '*'
          - Effect: Allow
            Action: 'sqs:*'
            Resource: 'arn:aws:sqs:us-east-1:000000000000:Q.fifo'
RoleName: !Sub 'X-${AWS::Region}'

TheLich
answered a year ago
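
The structural rule behind the error message, as an added example that is not part of either answer or of any AWS tool: a Python check that reports why a list placed directly under PolicyDocument is rejected and what a well-formed document needs. The function name and the sample data are constructed for illustration, and the template is assumed to be already parsed into Python objects.

```python
# Added example: structural check for an identity-based IAM PolicyDocument
# after the template has been parsed into Python objects (dict/list/str).
REQUIRED_ONE_OF = (("Action", "NotAction"), ("Resource", "NotResource"))


def check_policy_document(doc):
    """Return a list of structural problems; an empty list means well-formed."""
    if not isinstance(doc, dict):
        # The condition CloudFormation reports in the question.
        return ["PolicyDocument must be an object, got " + type(doc).__name__]
    if "Statement" not in doc:
        return ["PolicyDocument has no Statement key"]
    statements = doc["Statement"]
    if isinstance(statements, dict):  # IAM also accepts a single statement
        statements = [statements]
    if not isinstance(statements, list):
        return ["Statement must be an object or a list of objects"]
    problems = []
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append(f"Statement[{i}] is not an object")
            continue
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"Statement[{i}] needs Effect: Allow or Deny")
        for pair in REQUIRED_ONE_OF:
            if not any(key in stmt for key in pair):
                problems.append(f"Statement[{i}] needs {' or '.join(pair)}")
    return problems


# Constructed sample data mirroring the last two statements in the question.
STATEMENTS = [
    {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*"},
    {"Effect": "Allow", "Action": "sqs:*",
     "Resource": "arn:aws:sqs:us-east-1:000000000000:Q.fifo"},
]
AS_POSTED = STATEMENTS                    # list directly under PolicyDocument
AS_ANSWERED = {"Statement": STATEMENTS}   # same list wrapped in Statement

if __name__ == "__main__":
    print(check_policy_document(AS_POSTED))
    print(check_policy_document(AS_ANSWERED))
```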
