I have a REST API resource:
    TempApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Name: !Sub ${Environment}-temp-api
        EndpointConfiguration:
          Types:
            - PRIVATE
          VpcEndpointIds:
            - vpce-0cfefxxxxxxxxxxxx
        Policy: !Sub |
          {
            "Version": "2012-10-17",
            "Statement": [
              {
                "Effect": "Allow"
                "Principal": "*"
                "Action": "execute-api:Invoke"
                "Resource": "execute-api:/*"
              },
              {
                "Effect": "Deny"
                "Principal": "*"
                "Action": "execute-api:Invoke"
                "Resource": "execute-api:/*"
                "Condition": {
                  "StringNotEquals": {
                    "aws:sourceVpce": !FindInMap [Environments, !Ref Environment, VPCEndpointAPI]
                  }
                }
              }
            ]
          }
On deployment, I get the following error:
Invalid policy document. Please check the policy syntax and ensure that Principals are valid.
(Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException)
Any help in identifying what is wrong with the policy document would be greatly appreciated.
Thanks
Paras
Answer 0 (score: 1)
Just found that I made a silly mistake: I missed the comma after each key-value pair.
Correct policy:
    TempApi:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Name: !Sub ${Environment}-temp-api
        EndpointConfiguration:
          Types:
            - PRIVATE
          VpcEndpointIds:
            - vpce-0cfefxxxxxxxxxxxx
        # !FindInMap is not evaluated inside a "|" literal, so its value is passed
        # to !Sub as a variable (the name VpceId is chosen here for illustration).
        Policy: !Sub
          - |
            {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Principal": "*",
                  "Action": "execute-api:Invoke",
                  "Resource": "execute-api:/*"
                },
                {
                  "Effect": "Deny",
                  "Principal": "*",
                  "Action": "execute-api:Invoke",
                  "Resource": "execute-api:/*",
                  "Condition": {
                    "StringNotEquals": {
                      "aws:sourceVpce": "${VpceId}"
                    }
                  }
                }
              ]
            }
          - VpceId: !FindInMap [Environments, !Ref Environment, VPCEndpointAPI]
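
A pre-deploy check for the mistake discussed above, added here as an example and not part of the original post: it pulls the literal block under `Policy:` out of the template text and parses it with Python's `json` module, so a missing comma is reported with a template line number before CloudFormation rejects the deployment. It also flags short-form intrinsic tags left inside the literal, which are not evaluated there. The names `check_policy`, `indent_of`, `VpceId` and the constructed sample template are assumptions.

```python
import json
import re
import textwrap
from itertools import takewhile

# Short-form tags are plain text inside a "|" literal; !Sub expands only ${...} there.
TAG_RE = re.compile(r"!(?:Ref|Sub|FindInMap|GetAtt|Join|Select|ImportValue)\b")
# Constructed sample template: the comma after "Effect": "Deny" is missing.
SAMPLE = '''\
TempApi:
  Type: AWS::ApiGateway::RestApi
  Properties:
    Policy: !Sub |
      {
        "Version": "2012-10-17",
        "Statement": [{
          "Effect": "Deny"
          "Principal": "*",
          "Action": "execute-api:Invoke",
          "Resource": "execute-api:/*",
          "Condition": {"StringNotEquals": {"aws:sourceVpce": "${VpceId}"}}
        }]
      }
'''


def indent_of(line):
    return len(line) - len(line.lstrip())


def check_policy(template):
    """Return findings for the literal block under 'Policy:'; [] means it parses as JSON."""
    lines = template.splitlines()
    # The "|" indicator sits on the Policy line, or on the "- |" item after "Policy: !Sub".
    mark = next((i for i, l in enumerate(lines) if l.rstrip().endswith("|")
                 and "Policy:" in l + (lines[i - 1] if i else "")), None)
    if mark is None:
        return ["no literal Policy block found"]
    # The block runs until a non-blank line at or left of the indicator line's indent.
    body = list(takewhile(lambda l: not l.strip() or indent_of(l) > indent_of(lines[mark]),
                          lines[mark + 1:]))
    first = mark + 2  # 1-based template line of the block's first line
    findings = [f"line {first + n}: {tag} is not evaluated inside a literal block"
                for n, line in enumerate(body) for tag in TAG_RE.findall(line)]
    try:
        json.loads(textwrap.dedent("\n".join(body)))
    except json.JSONDecodeError as exc:
        findings.append(f"line {first + exc.lineno - 1}: {exc.msg}")
    return findings
```

For a missing comma, `json` reports the line of the token that follows the gap, so the fix belongs at the end of the line above the one reported.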