How to use Fn::Join in Serverless Framework YAML?

Date: 2018-10-10 08:39:58

Tags: amazon-web-services amazon-cloudformation amazon-iam serverless-framework

I have a policy in my Serverless.yaml file, as shown below.

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy' 
        Path: /appsync/
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action: 
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:DeleteItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
                - dynamodb:BatchGetItem
                - dynamodb:BatchWriteItem
              Resource: 
                Fn::Join: 
                  - ""
                  - - Fn::GetAtt: [dslvehicleState, Arn]
                    - "*"

When sls deploy is done, it throws the error mentioned below.

  

An error occurred: AppSyncDynamoDBPolicy - Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 166ba0b3-cc67-11e8-8f74-3339d857f829).

What am I missing here?

3 answers:

Answer 0: (score: 2)

Try it with the Ref method:

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy'
        Path: /appsync/
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:DeleteItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
                - dynamodb:BatchGetItem
                - dynamodb:BatchWriteItem
              Resource:
                Fn::Join:
                  - ""
                  - - "Ref": "dslvehicleState"
                    - "*"

Answer 1: (score: 0)

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy'
        Path: /appsync/
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:DeleteItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
                - dynamodb:BatchGetItem
                - dynamodb:BatchWriteItem
              Resource: !GetAtt "dslvehicleState.Arn"

You can read more about the return values here.

Answer 2: (score: 0)

After checking and retrying, I found that '' should be used to do the decimal conversion

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy'
        Path: /appsync/
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'dynamodb:GetItem'
                - 'dynamodb:PutItem'
                - 'dynamodb:DeleteItem'
                - 'dynamodb:UpdateItem'
                - 'dynamodb:Query'
                - 'dynamodb:Scan'
                - 'dynamodb:BatchGetItem'
                - 'dynamodb:BatchWriteItem'
              Resource:
                Fn::Join:
                  - ""
                  - - Fn::GetAtt: [dslvehicleState, Arn]
                    - "*"

After replacing with the following settings, it works well

  

    Version: '2012-10-17'
    Action:
      - 'dynamodb:GetItem'
      - 'dynamodb:PutItem'
      - 'dynamodb:DeleteItem'
      - 'dynamodb:UpdateItem'
      - 'dynamodb:Query'
      - 'dynamodb:Scan'
      - 'dynamodb:BatchGetItem'
      - 'dynamodb:BatchWriteItem'
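
The quoting fix in Answer 2 comes down to YAML typing: an unquoted `2012-10-17` has the date-only form of a YAML 1.1 timestamp, so a loader can resolve it to a date rather than the string IAM expects in `Version`. The lint below is an added example, not code from the question or its answers; the function name and the sample snippets are constructed for illustration, and it assumes the text it scans contains IAM policy documents only.

```python
import re

# IAM accepts only these two policy language versions.
IAM_POLICY_VERSIONS = {"2012-10-17", "2008-10-17"}
# Date-only form of a YAML 1.1 timestamp (yyyy-mm-dd).
DATE_ONLY = re.compile(r"^\d{4}-\d{2}-\d{2}$")
# A "Version:" mapping key, its scalar value, and an optional trailing comment.
VERSION_LINE = re.compile(r"^\s*(?:-\s+)?Version\s*:\s*(?P<value>.*?)(?:\s+#.*)?\s*$")

# Constructed samples: the question's PolicyDocument and Answer 2's quoted form.
SAMPLE_BEFORE = """\
PolicyDocument:
  Version: 2012-10-17
  Statement:
    - Effect: Allow
      Action:
        - dynamodb:GetItem
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("2012-10-17", "'2012-10-17'")


def check_policy_versions(yaml_text):
    """Return (line_number, raw_value, problem) for each suspicious Version line.

    Assumes yaml_text holds IAM policy documents only (hypothetical helper).
    """
    findings = []
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        match = VERSION_LINE.match(line)
        if not match:
            continue
        raw = match.group("value")
        quoted = len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\""
        value = raw[1:-1] if quoted else raw
        if not quoted and DATE_ONLY.match(value):
            # Plain scalar in date form: may be loaded as a date, not a string.
            findings.append((number, raw, "unquoted date"))
        elif value not in IAM_POLICY_VERSIONS:
            findings.append((number, raw, "unknown policy version"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_policy_versions(text))
```

Running such a check over `serverless.yml` before `sls deploy` surfaces the problem locally instead of as a 400 from IAM during the CloudFormation update.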