CloudFormation Template is invalid: Template format error: Every Outputs member must contain a Value object
CloudFormation Template is invalid: Template format error: Every Outputs member must contain a Value object
我有一个 AWS IoT 聊天应用程序,其 UI 在 React 上,为了进行 AWS 配置,我有一个使用 "serverless deploy" 命令执行的设置。执行时, serverless.yml 被执行,它在抛出错误的地方中断
CloudFormation 模板无效:模板格式错误:每个输出成员必须包含一个值对象
serverless.yml代码如下:
resources:
Resources:
UserTable:
Type: "AWS::DynamoDB::Table"
Properties:
TableName: "IotChatUsers"
AttributeDefinitions:
- AttributeName: identityId
AttributeType: S
KeySchema:
- AttributeName: identityId
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
ChatTable:
Type: "AWS::DynamoDB::Table"
Properties:
TableName: "IotChatChats"
AttributeDefinitions:
- AttributeName: name
AttributeType: S
KeySchema:
- AttributeName: name
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
ConnectPolicy:
Type: "AWS::IoT::Policy"
Properties:
PolicyName: IotChatConnectPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "iot:Connect"
Resource:
- "*"
PublicSubscribePolicy:
Type: "AWS::IoT::Policy"
Properties:
PolicyName: IotChatPublicSubscribePolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "iot:Subscribe"
Resource: { "Fn::Join" : ["",["arn:aws:iot:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":topicfilter/room/public/*"]] }
PublicReceivePolicy:
Type: "AWS::IoT::Policy"
Properties:
PolicyName: IotChatPublicReceivePolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "iot:Receive"
Resource: { "Fn::Join" : ["",["arn:aws:iot:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":topic/room/public/*"]] }
UserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: iot_chat_api_user_pool
AutoVerifiedAttributes:
- email
MfaConfiguration: OFF
Schema:
- AttributeDataType: String
Name: email
Required: true
ReactAppClient:
Type: AWS::Cognito::UserPoolClient
Properties:
GenerateSecret: false
RefreshTokenValidity: 200
UserPoolId:
Ref: UserPool
IdentityPool:
Type: "AWS::Cognito::IdentityPool"
Properties:
IdentityPoolName: iot_chat_api_identity_pool
AllowUnauthenticatedIdentities: false
CognitoIdentityProviders:
- ClientId:
Ref: ReactAppClient
ProviderName:
Fn::GetAtt: UserPool.ProviderName
SupportedLoginProviders:
graph.facebook.com: ${self:custom.variables.facebook_app_id}
accounts.google.com: ${self:custom.variables.google_app_id}
IdentityPoolAuthRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
Federated:
- "cognito-identity.amazonaws.com"
Action:
- "sts:AssumeRoleWithWebIdentity"
Condition:
StringEquals:
cognito-identity.amazonaws.com:aud:
Ref: IdentityPool
ForAnyValue:StringLike:
cognito-identity.amazonaws.com:amr: authenticated
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AWSIoTDataAccess
Path: "/"
Policies:
- PolicyName: iot-chat-invoke-api-gateway
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- execute-api:Invoke
Resource: { "Fn::Join" : ["", ["arn:aws:execute-api:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":",{"Ref":"ApiGatewayRestApi"},"/*"]] }
IdentityPoolRoleAttachment:
Type: AWS::Cognito::IdentityPoolRoleAttachment
Properties:
IdentityPoolId:
Ref: IdentityPool
Roles:
authenticated:
Fn::GetAtt:
- IdentityPoolAuthRole
- Arn
ConfirmUserInvocationPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName:
Fn::GetAtt: AutoConfirmUserLambdaFunction.Arn
Principal: cognito-idp.amazonaws.com
SourceArn:
Fn::GetAtt: UserPool.Arn
Outputs:
UserPoolId:
Description: "The ID of the user pool that is created."
Value:
Ref: UserPool
ReactAppClientId:
Description: "The ID of the user pool react app client id."
Value:
Ref: ReactAppClient
IdentityPoolId:
Description: "The ID of the identity pool that is created."
Value:
Ref: IdentityPool
AutoConfirmUserFnArn:
Description: "The ARN of the Auto Confirm User Lambda function"
Value:
Fn::GetAtt:
- AutoConfirmUserLambdaFunction
- Arn
FacebookAppId:
Description: "Facebook App Id"
Value: ${self:custom.variables.facebook_app_id}
GoogleAppId:
Description: "Google App Id"
Value: ${self:custom.variables.google_app_id}
我需要一些洞察力来弄清楚 serverless.yml 有什么问题导致我出现此验证错误。
Environment Information -----------------------------
OS: win32
Node Version: 8.9.1
Serverless Version: 1.25.0
更新:
解析下面的 YAML 是输出节点的结果:
"Outputs": {
"IdentityPoolId": {
"Description": "The ID of the identity pool that is created.",
"Value": {
"Ref": "IdentityPool"
}
},
"FacebookAppId": {
"Description": "Facebook App Id",
"Value": "${self:custom.variables.facebook_app_id}"
},
"ReactAppClientId": {
"Description": "The ID of the user pool react app client id.",
"Value": {
"Ref": "ReactAppClient"
}
},
"GoogleAppId": {
"Description": "Google App Id",
"Value": "${self:custom.variables.google_app_id}"
},
"UserPoolId": {
"Description": "The ID of the user pool that is created.",
"Value": {
"Ref": "UserPool"
}
},
"AutoConfirmUserFnArn": {
"Description": "The ARN of the Auto Confirm User Lambda function",
"Value": {
"Fn::GetAtt": [
"AutoConfirmUserLambdaFunction",
"Arn"
]
}
}
}
更新二:
这是完整申请的来源:aws-iot-chat-example
CloudFormation 经常提供模糊或难以跟踪的错误,并且从不使用行号报告错误,就像许多 interpreters/compilers/parsers 一样。所以追踪它们通常是一个反复试验的过程。
在你的情况下,错误消息只提到错误在模板的 Output 部分,但没有提到问题出在哪个值上。您在该部分中有 6 个值。
故障排除的一个好方法是一次删除一个或两个项目,然后重新 运行 模板。由于输出值只是 - 只有输出 - 此模板不需要它们,而是在创建过程的后期将数据公开给其他模板。只需按照建议删除它们,并使用此技术隔离值中有错误的字段。
一个好的健全性检查是删除整个 Outputs 部分,并确认模板的重置按预期创建。
找到有问题的字段后,您需要找到主要问题:Every Outputs member must contain a Value object
要解决该问题,请追踪被引用的对象,并追踪回源资源或资源属性。出于某种原因,这些引用未引用有效对象。
我会注意到,在您的评论中,您确定了两个导致错误的字段。两者似乎都使用 self:custom.variables.google_app_id 形式的变量引用 - 这些值 而不是 正确解析。如上所述检查它们的来源。我怀疑它们没有被正确解析。我不认为该构造是有效的 CloudFormation 语法。
我有一个 AWS IoT 聊天应用程序,其 UI 在 React 上,为了进行 AWS 配置,我有一个使用 "serverless deploy" 命令执行的设置。执行时, serverless.yml 被执行,它在抛出错误的地方中断 CloudFormation 模板无效:模板格式错误:每个输出成员必须包含一个值对象
serverless.yml代码如下:
resources:
Resources:
UserTable:
Type: "AWS::DynamoDB::Table"
Properties:
TableName: "IotChatUsers"
AttributeDefinitions:
- AttributeName: identityId
AttributeType: S
KeySchema:
- AttributeName: identityId
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
ChatTable:
Type: "AWS::DynamoDB::Table"
Properties:
TableName: "IotChatChats"
AttributeDefinitions:
- AttributeName: name
AttributeType: S
KeySchema:
- AttributeName: name
KeyType: HASH
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
ConnectPolicy:
Type: "AWS::IoT::Policy"
Properties:
PolicyName: IotChatConnectPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "iot:Connect"
Resource:
- "*"
PublicSubscribePolicy:
Type: "AWS::IoT::Policy"
Properties:
PolicyName: IotChatPublicSubscribePolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "iot:Subscribe"
Resource: { "Fn::Join" : ["",["arn:aws:iot:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":topicfilter/room/public/*"]] }
PublicReceivePolicy:
Type: "AWS::IoT::Policy"
Properties:
PolicyName: IotChatPublicReceivePolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "iot:Receive"
Resource: { "Fn::Join" : ["",["arn:aws:iot:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":topic/room/public/*"]] }
UserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: iot_chat_api_user_pool
AutoVerifiedAttributes:
- email
MfaConfiguration: OFF
Schema:
- AttributeDataType: String
Name: email
Required: true
ReactAppClient:
Type: AWS::Cognito::UserPoolClient
Properties:
GenerateSecret: false
RefreshTokenValidity: 200
UserPoolId:
Ref: UserPool
IdentityPool:
Type: "AWS::Cognito::IdentityPool"
Properties:
IdentityPoolName: iot_chat_api_identity_pool
AllowUnauthenticatedIdentities: false
CognitoIdentityProviders:
- ClientId:
Ref: ReactAppClient
ProviderName:
Fn::GetAtt: UserPool.ProviderName
SupportedLoginProviders:
graph.facebook.com: ${self:custom.variables.facebook_app_id}
accounts.google.com: ${self:custom.variables.google_app_id}
IdentityPoolAuthRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
Federated:
- "cognito-identity.amazonaws.com"
Action:
- "sts:AssumeRoleWithWebIdentity"
Condition:
StringEquals:
cognito-identity.amazonaws.com:aud:
Ref: IdentityPool
ForAnyValue:StringLike:
cognito-identity.amazonaws.com:amr: authenticated
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AWSIoTDataAccess
Path: "/"
Policies:
- PolicyName: iot-chat-invoke-api-gateway
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- execute-api:Invoke
Resource: { "Fn::Join" : ["", ["arn:aws:execute-api:",{"Ref":"AWS::Region"},":",{"Ref":"AWS::AccountId"},":",{"Ref":"ApiGatewayRestApi"},"/*"]] }
IdentityPoolRoleAttachment:
Type: AWS::Cognito::IdentityPoolRoleAttachment
Properties:
IdentityPoolId:
Ref: IdentityPool
Roles:
authenticated:
Fn::GetAtt:
- IdentityPoolAuthRole
- Arn
ConfirmUserInvocationPermission:
Type: AWS::Lambda::Permission
Properties:
Action: lambda:InvokeFunction
FunctionName:
Fn::GetAtt: AutoConfirmUserLambdaFunction.Arn
Principal: cognito-idp.amazonaws.com
SourceArn:
Fn::GetAtt: UserPool.Arn
Outputs:
UserPoolId:
Description: "The ID of the user pool that is created."
Value:
Ref: UserPool
ReactAppClientId:
Description: "The ID of the user pool react app client id."
Value:
Ref: ReactAppClient
IdentityPoolId:
Description: "The ID of the identity pool that is created."
Value:
Ref: IdentityPool
AutoConfirmUserFnArn:
Description: "The ARN of the Auto Confirm User Lambda function"
Value:
Fn::GetAtt:
- AutoConfirmUserLambdaFunction
- Arn
FacebookAppId:
Description: "Facebook App Id"
Value: ${self:custom.variables.facebook_app_id}
GoogleAppId:
Description: "Google App Id"
Value: ${self:custom.variables.google_app_id}
我需要一些洞察力来弄清楚 serverless.yml 有什么问题导致我出现此验证错误。
Environment Information -----------------------------
OS: win32
Node Version: 8.9.1
Serverless Version: 1.25.0
更新:
解析下面的 YAML 是输出节点的结果:
"Outputs": {
"IdentityPoolId": {
"Description": "The ID of the identity pool that is created.",
"Value": {
"Ref": "IdentityPool"
}
},
"FacebookAppId": {
"Description": "Facebook App Id",
"Value": "${self:custom.variables.facebook_app_id}"
},
"ReactAppClientId": {
"Description": "The ID of the user pool react app client id.",
"Value": {
"Ref": "ReactAppClient"
}
},
"GoogleAppId": {
"Description": "Google App Id",
"Value": "${self:custom.variables.google_app_id}"
},
"UserPoolId": {
"Description": "The ID of the user pool that is created.",
"Value": {
"Ref": "UserPool"
}
},
"AutoConfirmUserFnArn": {
"Description": "The ARN of the Auto Confirm User Lambda function",
"Value": {
"Fn::GetAtt": [
"AutoConfirmUserLambdaFunction",
"Arn"
]
}
}
}
更新二:
这是完整申请的来源:aws-iot-chat-example
CloudFormation 经常提供模糊或难以跟踪的错误,并且从不使用行号报告错误,就像许多 interpreters/compilers/parsers 一样。所以追踪它们通常是一个反复试验的过程。
在你的情况下,错误消息只提到错误在模板的 Output 部分,但没有提到问题出在哪个值上。您在该部分中有 6 个值。
故障排除的一个好方法是一次删除一个或两个项目,然后重新 运行 模板。由于输出值只是 - 只有输出 - 此模板不需要它们,而是在创建过程的后期将数据公开给其他模板。只需按照建议删除它们,并使用此技术隔离值中有错误的字段。
一个好的健全性检查是删除整个 Outputs 部分,并确认模板的重置按预期创建。
找到有问题的字段后,您需要找到主要问题:Every Outputs member must contain a Value object
要解决该问题,请追踪被引用的对象,并追踪回源资源或资源属性。出于某种原因,这些引用未引用有效对象。
我会注意到,在您的评论中,您确定了两个导致错误的字段。两者似乎都使用 self:custom.variables.google_app_id 形式的变量引用 - 这些值 而不是 正确解析。如上所述检查它们的来源。我怀疑它们没有被正确解析。我不认为该构造是有效的 CloudFormation 语法。