amazon-web-services - Invalid policy document. Policy syntax error
Problem description
I have a REST API resource like this:
TempApi:
  Type: AWS::ApiGateway::RestApi
  Properties:
    Name: !Sub ${Environment}-temp-api
    EndpointConfiguration:
      Types:
        - PRIVATE
      VpcEndpointIds:
        - vpce-0cfefxxxxxxxxxxxx
    Policy: !Sub |
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow"
            "Principal": "*"
            "Action": "execute-api:Invoke"
            "Resource": "execute-api:/*"
          },
          {
            "Effect": "Deny"
            "Principal": "*"
            "Action": "execute-api:Invoke"
            "Resource": "execute-api:/*"
            "Condition": {
              "StringNotEquals": {
                "aws:sourceVpce": !FindInMap [Environments, !Ref Environment, VPCEndpointAPI]
              }
            }
          }
        ]
      }
After deploying, I get the following error:
Invalid policy document. Please check the policy syntax and ensure that Principals are valid.
(Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException)
Any help in identifying the problem with the policy document would be greatly appreciated.
Thanks,
帕拉斯
Solution
I just found out that I made a silly mistake: I missed the comma after each key-value pair.
Corrected policy:
TempApi:
  Type: AWS::ApiGateway::RestApi
  Properties:
    Name: !Sub ${Environment}-temp-api
    EndpointConfiguration:
      Types:
        - PRIVATE
      VpcEndpointIds:
        - vpce-0cfefxxxxxxxxxxxx
    Policy: !Sub
      - |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": "*",
              "Action": "execute-api:Invoke",
              "Resource": "execute-api:/*"
            },
            {
              "Effect": "Deny",
              "Principal": "*",
              "Action": "execute-api:Invoke",
              "Resource": "execute-api:/*",
              "Condition": {
                "StringNotEquals": {
                  "aws:sourceVpce": "${VpceId}"
                }
              }
            }
          ]
        }
      # !FindInMap is not evaluated inside the block string, so it is passed to !Sub as a variable
      - VpceId: !FindInMap [Environments, !Ref Environment, VPCEndpointAPI]
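
A pre-deploy check for the two ways an inline policy string like this one can fail, added here as an example and not part of the original question or answer: it reports the line of a JSON syntax error (such as a missing comma) and flags short-form intrinsic tags left inside the block string, which `!Sub` does not evaluate. The function name `lint_policy`, the sample strings and the `${VpceId}` placeholder are assumptions made for the example.

```python
import json
import re

# CloudFormation short-form tags; inside a "|" block string they are plain text.
INTRINSIC_TAG = re.compile(r"!(?:FindInMap|Ref|GetAtt|Sub|Join|ImportValue)\b")
# ${Name} is all that !Sub replaces; swap in a dummy so the JSON can be parsed.
SUB_VAR = re.compile(r"\$\{[^}]+\}")

def lint_policy(text):
    """Return findings for a resource-policy string; an empty list means clean."""
    findings = [
        f"line {n}: {m.group(0)} is not evaluated inside a block string"
        for n, line in enumerate(text.splitlines(), 1)
        if (m := INTRINSIC_TAG.search(line))
    ]
    if findings:
        return findings
    try:
        doc = json.loads(SUB_VAR.sub("x", text))
    except json.JSONDecodeError as err:
        return [f"line {err.lineno}: {err.msg}"]
    if not isinstance(doc, dict):
        return ["policy must be a JSON object"]
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is also allowed
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: Effect must be Allow or Deny")
        for key in ("Principal", "Action", "Resource"):
            if key not in st:
                findings.append(f"Statement[{i}]: missing {key}")
    return findings

# Constructed samples modelled on the Deny statement in the policy above.
FIXED = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/*",
      "Condition": {"StringNotEquals": {"aws:sourceVpce": "${VpceId}"}}
    }
  ]
}"""
BROKEN = FIXED.replace('",\n      "', '"\n      "')  # commas between keys dropped
TAGGED = FIXED.replace('"${VpceId}"', "!FindInMap [Environments, !Ref Environment, VPCEndpointAPI]")
```

Running `lint_policy` on the policy text before deployment turns the generic `BadRequestException` into a line-level finding.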