How to use Fn::Join in serverless framework YAML?

I have a policy in my Serverless.yaml file, as shown below.

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy' 
        Path: /appsync/
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action: 
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:DeleteItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
                - dynamodb:BatchGetItem
                - dynamodb:BatchWriteItem
              Resource: 
                Fn::Join: 
                  - ""
                  - - Fn::GetAtt: [dslvehicleState, Arn]
                    - "*"

When sls deploy finishes, it throws an error, as shown below.

An error occurred: AppSyncDynamoDBPolicy - Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 166ba0b3-cc67-11e8-8f74-3339d857f829).

What am I missing here?

Try this, using the Ref method:

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy'
        Path: /appsync/
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:DeleteItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
                - dynamodb:BatchGetItem
                - dynamodb:BatchWriteItem
              Resource:
                Fn::Join:
                  - ""
                  - - "Ref": "dslvehicleState"
                    - "*"

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy'
        Path: /appsync/
        PolicyDocument:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:PutItem
                - dynamodb:DeleteItem
                - dynamodb:UpdateItem
                - dynamodb:Query
                - dynamodb:Scan
                - dynamodb:BatchGetItem
                - dynamodb:BatchWriteItem
              Resource: !GetAtt "dslvehicleState.Arn"

You can read more about the return values here

After checking and retrying, I found that the strings should be marked with ''

    AppSyncDynamoDBPolicy:
      Type: AWS::IAM::ManagedPolicy
      Properties:
        Description: 'Managed policy'
        Path: /appsync/
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'dynamodb:GetItem'
                - 'dynamodb:PutItem'
                - 'dynamodb:DeleteItem'
                - 'dynamodb:UpdateItem'
                - 'dynamodb:Query'
                - 'dynamodb:Scan'
                - 'dynamodb:BatchGetItem'
                - 'dynamodb:BatchWriteItem'
              Resource:
                Fn::Join:
                  - ""
                  - - Fn::GetAtt: [dslvehicleState, Arn]
                    - "*"

It ran smoothly after changing the following settings

    Version: '2012-10-17'
    Action:
      - 'dynamodb:GetItem'
      - 'dynamodb:PutItem'
      - 'dynamodb:DeleteItem'
      - 'dynamodb:UpdateItem'
      - 'dynamodb:Query'
      - 'dynamodb:Scan'
      - 'dynamodb:BatchGetItem'
      - 'dynamodb:BatchWriteItem'
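
An added example, not part of the original thread: a pre-deploy check for the quoting issue the last answer describes. It assumes the template is read by a YAML loader that resolves an unquoted `2012-10-17` to a timestamp, as js-yaml's default schema does; the function names and sample templates are constructed for illustration.

```javascript
// Added example: flags IAM policy "Version" values that a YAML loader would turn into a date.
// Assumption: unquoted YYYY-MM-DD is resolved to a timestamp (js-yaml default schema behaviour).
const VALID_IAM_VERSIONS = new Set(["2012-10-17", "2008-10-17"]);

// Returns the string that reaches the policy JSON for a raw YAML scalar.
function renderedVersion(rawScalar) {
  const quoted = /^(['"])(.*)\1$/.exec(rawScalar);
  if (quoted) return quoted[2]; // quoted scalars stay plain strings
  if (/^\d{4}-\d{2}-\d{2}$/.test(rawScalar)) {
    const asDate = new Date(rawScalar); // date-only ISO strings parse as UTC midnight
    if (!Number.isNaN(asDate.getTime())) return asDate.toISOString();
  }
  return rawScalar;
}

// Scans template text line by line and reports Version keys whose rendered value
// is not a policy language version that IAM accepts.
function lintPolicyVersions(yamlText) {
  const findings = [];
  yamlText.split(/\r?\n/).forEach((text, index) => {
    const match = /^\s*(?:-\s*)?Version:\s*(.*?)\s*(?:#.*)?$/.exec(text);
    if (!match || match[1] === "") return;
    const rendered = renderedVersion(match[1]);
    if (!VALID_IAM_VERSIONS.has(rendered)) {
      findings.push({ line: index + 1, raw: match[1], rendered });
    }
  });
  return findings;
}

// Constructed samples modelled on the question's policy and on the quoted version.
const UNQUOTED = ["PolicyDocument:", "  Version: 2012-10-17", "  Statement: []"].join("\n");
const QUOTED = ["PolicyDocument:", "  Version: '2012-10-17'", "  Statement: []"].join("\n");

console.log(lintPolicyVersions(UNQUOTED));
console.log(lintPolicyVersions(QUOTED));
```

The unquoted sample is reported because the rendered value is an ISO timestamp rather than a policy version string; the quoted sample produces no findings.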