Invalid policy document: policy syntax error

Problem description

I have a REST API resource:

TempApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: !Sub ${Environment}-temp-api
      EndpointConfiguration:
        Types:
          - PRIVATE
        VpcEndpointIds:
          - vpce-0cfefxxxxxxxxxxxx
      Policy: !Sub |
        {
          "Version": "2012-10-17","Statement": [
            {
              "Effect": "Allow"
              "Principal": "*"
              "Action": "execute-api:Invoke"
              "Resource": "execute-api:/*"
            },{
              "Effect": "Deny"
              "Principal": "*"
              "Action": "execute-api:Invoke"
              "Resource": "execute-api:/*"
              "Condition": {
                "StringNotEquals": {
                  "aws:sourceVpce": !FindInMap [Environments,!Ref Environment,VPCEndpointAPI]
                }
              }
            }
          ]
        }

On deployment, I receive the following error:

Invalid policy document. Please check the policy Syntax and ensure that Principals are valid.
(Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException)

Any help in identifying what is wrong with the policy document would be greatly appreciated.

Thanks

Paras

Solution

Just found out that I made a silly mistake: I missed the comma after each key-value pair.

Correct policy:

TempApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: !Sub ${Environment}-temp-api
      EndpointConfiguration:
        Types:
          - PRIVATE
        VpcEndpointIds:
          - vpce-0cfefxxxxxxxxxxxx
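      # The policy is JSON text inside a string, so the !FindInMap lookup is passed
      # in through a !Sub variable (SourceVpce, a name chosen here) instead of being
      # written inside the JSON, where it would not be evaluated.
      Policy: !Sub
        - |
          {
            "Version": "2012-10-17","Statement": [
              {
                "Effect": "Allow","Principal": "*","Action": "execute-api:Invoke","Resource": "execute-api:/*"
              },{
                "Effect": "Deny","Principal": "*","Action": "execute-api:Invoke","Resource": "execute-api:/*","Condition": {
                  "StringNotEquals": {
                    "aws:sourceVpce": "${SourceVpce}"
                  }
                }
              }
            ]
          }
        - SourceVpce: !FindInMap [Environments, !Ref Environment, VPCEndpointAPI]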
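
A local pre-deployment check for the failure discussed on this page, added here as an example (it is not code from the question or the answer): it pinpoints the JSON error that API Gateway reports only as "Invalid policy document", flags YAML tags left inside the JSON text, and checks each statement for its required elements. The name `check_policy`, the sample documents, and the required-element list (taken from the general IAM grammar for resource policies) are assumptions.

```python
import json
import re

JSON_STRING = re.compile(r'"(?:[^"\\]|\\.)*"')
YAML_TAG = re.compile(r"![A-Za-z][\w:]*")
REQUIRED = ("Principal", "Action", "Resource")  # each may also appear as Not<Key>

def check_policy(text):
    """Return findings for one policy document; an empty list means it passed."""
    findings = []
    # Inside a block scalar (Policy: !Sub |) a YAML tag is literal text, never evaluated.
    for lineno, line in enumerate(text.splitlines(), 1):
        for tag in YAML_TAG.findall(JSON_STRING.sub('""', line)):
            findings.append(f"line {lineno}: unresolved YAML tag {tag} in JSON text")
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as err:
        findings.append(f"line {err.lineno}, column {err.colno}: {err.msg}")
        return findings
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    for i, stmt in enumerate(statements):
        missing = [k for k in REQUIRED if k not in stmt and "Not" + k not in stmt]
        if "Effect" not in stmt:
            missing.insert(0, "Effect")
        if missing:
            findings.append(f"Statement[{i}] is missing {', '.join(missing)}")
    return findings

# Constructed samples (not the page's template): the missing-comma form and a repaired form.
BROKEN = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow"
      "Principal": "*"
      "Action": "execute-api:Invoke"
      "Resource": "execute-api:/*"
    }
  ]
}"""
FIXED = BROKEN.replace('"\n      "', '",\n      "')

if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_policy(sample) or "ok")
```

Run it against the policy text after `${...}` substitution placeholders are in place; they sit inside JSON strings and do not affect parsing.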