Adding multiple resources in a YAML CloudFormation template

Dev*_*ole 1 yaml amazon-web-services aws-cloudformation

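Below is my CloudFormation template. I want to add multiple resources, but I get the following error:

Template contains errors.: Template format error: YAML not well-formed. (line 61, column 1)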

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  This template creates IoT policy - attaches to a device certificate, IoT Topic
  Rule- used to forward messages to sns based on service key, and creates
  required IAM roles for these.

Parameters:
  vpcname:
    Type: String
    Description: Enter vpcname
  vpcnamefirstletterupper:
    Type: String
    Description: Enter vpcname with camelcase, ex- "Usdevms"
  taaccountid:
    Type: String
    Description: Enter TA AccountID"
Resources:
  IoTDaasDeviceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Join ["",[IoTDaasDeviceRole.,!Ref vpcname]]
      MaxSessionDuration : 43200
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Join ["",[!Sub 'arn:aws:iam::${AWS::AccountId}:role/Daas',!Ref vpcnamefirstletterupper,'IotCredentialLambda']]
              Service: lambda.amazonaws.com
            Action:
              - 'sts:AssumeRole'              
  IoTDaasDevicePolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      Description: >-
        This Policy will be attached to the device role and lists the
        permissions given to device certificates
      ManagedPolicyName: !Join
                      - ''
                      - - 'IoTDaasDeviceConnectPolicy.'
                        - !Ref vpcname
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action: 'iot:Connect'
            Resource: !Join 
              - ''
              - - !Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:client/'
                - '*'
          - Effect: Allow
            Action: 'iot:Publish'
            Resource: !Join 
              - ''
              - - !Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/$aws/rules/daas_device_events_rule_'
                - !Ref vpcname
                - '/*'
          - Effect: Allow
            Action: 'iot:StartNextPendingJobExecution'
            Resource: {
                      !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:things/','*']],
                      !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/$aws/things/thingName/jobs/start-next/']],
                      !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/$aws/things/thingName/jobs/start-next/accepted']],
                      !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/$aws/things/thingName/jobs/start-next/rejected']]
                      }
          - Effect: Allow
            Action: 'iot:UpdateJobExecution'
            Resource: !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:things/','*']]
          - Effect: Allow
            Action: 'execute-api:Invoke'
            Resource: !Join ['', [!Sub 'arn:aws:execute-api:${AWS::Region}:',!Ref taaccountid,':hpe5n6k1v8/Test/GET']]  
      Roles:
        - Ref: IoTDaasDeviceRole

Mar*_*cin 5

The following is incorrect:

            Resource: {
                      !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:things/','*']],
                      !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/$aws/things/thingName/jobs/start-next/']],
                      !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/$aws/things/thingName/jobs/start-next/accepted']],
                      !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/$aws/things/thingName/jobs/start-next/rejected']]                      }

because it creates a map, but you need a list:

            Resource: 
              - !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:things/','*']]
              - !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topic/$aws/things/thingName/jobs/start-next/']]
              - !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/$aws/things/thingName/jobs/start-next/accepted']]
              - !Join ["",[!Sub 'arn:aws:iot:${AWS::Region}:${AWS::AccountId}:topicfilter/$aws/things/thingName/jobs/start-next/rejected']]

Please note that there could still be issues in your template that are not yet apparent.
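
The map-versus-list mistake from the answer above can also be caught before deployment. The following is an added example, not code from the question or the answer: it checks the `Resource` element of each policy statement in a template given in CloudFormation's JSON long form. The names `check_template`, `is_intrinsic`, `GoodPolicy` and `BadPolicy` and the sample template are constructed for illustration, and only `Properties.PolicyDocument` is inspected.

```python
import json

# Constructed sample in CloudFormation's JSON long form, where the short tags
# become one-key mappings: !Join -> Fn::Join, !Sub -> Fn::Sub, !Ref -> Ref.
SAMPLE = json.loads("""
{"Resources": {
  "GoodPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
    "PolicyDocument": {"Version": "2012-10-17", "Statement": [
      {"Effect": "Allow", "Action": "iot:StartNextPendingJobExecution",
       "Resource": [
         {"Fn::Sub": "arn:aws:iot:${AWS::Region}:${AWS::AccountId}:things/*"},
         {"Fn::Join": ["", ["arn:aws:iot:", {"Ref": "AWS::Region"}, ":*"]]}]}]}}},
  "BadPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
    "PolicyDocument": {"Version": "2012-10-17", "Statement": [
      {"Effect": "Allow", "Action": "iot:UpdateJobExecution",
       "Resource": {"first": "arn:aws:iot:*", "second": "arn:aws:iot:*"}}]}}}
}}
""")

def is_intrinsic(node):
    """A one-key mapping named Ref or Fn::* is a function call, not a plain map."""
    if not isinstance(node, dict) or len(node) != 1:
        return False
    key = next(iter(node))
    return key == "Ref" or key.startswith("Fn::")

def is_arn_value(node):
    return isinstance(node, str) or is_intrinsic(node)

def check_template(template):
    """Return (logical id, statement index, reason) per malformed Resource element."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        doc = res.get("Properties", {}).get("PolicyDocument", {})
        statements = doc.get("Statement", [])
        if isinstance(statements, dict):  # a single statement object is allowed
            statements = [statements]
        for i, stmt in enumerate(statements):
            target = stmt.get("Resource")
            if target is None or is_arn_value(target):
                continue
            if isinstance(target, list) and all(map(is_arn_value, target)):
                continue
            kind = {dict: "mapping", list: "list with a non-ARN item"}.get(type(target), type(target).__name__)
            findings.append((name, i, f"Resource is a {kind}; expected an ARN or a list of ARNs"))
    return findings

if __name__ == "__main__":
    print(*check_template(SAMPLE), sep="\n")
```

An intrinsic function such as `Fn::Join` is itself a mapping once the short tags are expanded, which is why the check treats one-key `Ref`/`Fn::*` mappings as values and flags only other mappings.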