Value of property Roles must be of type List of String || AWS SAM

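Problem description

When trying to deploy AWS SAM, stack creation fails with the following error:

Value of property Roles must be of type List of String

Since the template file is very large, I am giving only part of the policy section: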

  Policies:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Join ['',['lambdaExecutionPolicy',!FindInMap [Variables,Vid,value]]]
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action: 'dynamodb:Query'
            Resource: '*'
          - Effect: Allow
            Action: 'logs:*'
            Resource: 'arn:aws:logs:*:*:*'
          - Effect: Allow
            Action:
              - 's3:Getobject'
              - 's3:PutObject'
            Resource: 'arn:aws:s3:::*'
          - Effect: Allow
            Action:
              - 'logs:CreateLogGroup'
              - 'logs:CreateLogStream'
              - 'logs:PutLogEvents'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'logs:CreateLogGroup'
              - 'logs:CreateLogStream'
              - 'logs:PutLogEvents'
            Resource: '*'
          - Effect: Allow
            Action: 'sns:Publish'
            Resource: !Ref mysubscription
      Roles: !Ref lambdaexecutionrole

Executing the CFT


Solution

According to the documentation, Roles has the following form:

  Roles: 
    - String

So in your case, you should have:

  Roles:
    - !Ref lambdaexecutionrole

  Roles: [!Ref lambdaexecutionrole]
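A pre-deployment check for the mistake above, as an added example that is not part of the original question or answer. It goes beyond `Roles` to cover `Users` and `Groups` (also List of String on `AWS::IAM::Policy`) and accepts a `Ref` to a list-typed parameter. The function names are hypothetical, and it assumes the template is in JSON form or already parsed into a dict.

```python
import json

# AWS::IAM::Policy properties that CloudFormation types as List of String.
LIST_PROPS = ("Roles", "Users", "Groups")

# Constructed sample in JSON long form ({"Ref": x} is !Ref x). "Policies" mirrors
# the question, "FixedPolicy" the answer, "ParamPolicy" a list-typed parameter.
SAMPLE = json.loads("""
{
  "Parameters": {"ExtraRoles": {"Type": "CommaDelimitedList"}},
  "Resources": {
    "lambdaexecutionrole": {"Type": "AWS::IAM::Role"},
    "Policies": {"Type": "AWS::IAM::Policy",
                 "Properties": {"Roles": {"Ref": "lambdaexecutionrole"}}},
    "FixedPolicy": {"Type": "AWS::IAM::Policy",
                    "Properties": {"Roles": [{"Ref": "lambdaexecutionrole"}]}},
    "ParamPolicy": {"Type": "AWS::IAM::Policy",
                    "Properties": {"Roles": {"Ref": "ExtraRoles"}}}
  }
}
""")

def is_scalar(value, template):
    """True only when the value certainly resolves to one string, not a list."""
    if isinstance(value, str):
        return True
    if isinstance(value, dict) and len(value) == 1:
        fn, arg = next(iter(value.items()))
        if fn in ("Fn::Join", "Fn::Sub"):  # these always return one string
            return True
        if fn == "Ref" and isinstance(arg, str) and not arg.startswith("AWS::"):
            # Ref yields a list only for list-typed parameters; resources give a string
            ptype = template.get("Parameters", {}).get(arg, {}).get("Type", "")
            return not (ptype == "CommaDelimitedList" or ptype.startswith("List<"))
    return False  # lists and other intrinsics are not flagged

def find_scalar_principals(template):
    """Return (logical_id, property) pairs that would fail the List of String check."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Policy":
            continue
        for name in LIST_PROPS:
            value = res.get("Properties", {}).get(name)
            if value is not None and not is_scalar(value, template) is False:
                findings.append((logical_id, name))
    return findings

if __name__ == "__main__":
    print(find_scalar_principals(SAMPLE))
```

Intrinsics whose result type cannot be decided from the template alone (for example `Fn::GetAtt` or `Fn::If`) are deliberately left unflagged.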