问题描述
属性角色的值必须是字符串列表类型
由于模板文件非常大,我只给出了政策部分的部分
Policies:
Type: AWS::IAM::Policy
Properties:
PolicyName: !Join ['',['lambdaExecutionPolicy',!FindInMap [Variables,Vid,value]]]
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: 'dynamodb:Query'
Resource: '*'
- Effect: Allow
Action: 'logs:*'
Resource: 'arn:aws:logs:*:*:*'
- Effect: Allow
Action:
- 's3:Getobject'
- 's3:PutObject'
Resource: 'arn:aws:s3:::*'
- Effect: Allow
Action:
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: '*'
- Effect: Allow
Action:
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource: '*'
- Effect: Allow
Action: 'sns:Publish'
Resource: !Ref mysubscription
Roles: !Ref lambdaexecutionrole'
解决方法
根据文档,Roles 具有以下形式:
Roles:
- String
因此,在您的情况下,您应该:
Roles:
- !Ref lambdaexecutionrole
或
Roles: [!Ref lambdaexecutionrole]