Telling me I have an invalid policy document with no additional information is not helpful — and the errors in this post seem like they would be easy to pass through
I was just getting some errors with a policy document for a VPC Endpoint. The error messages are simply this:
InvalidPolicyDocument (Service: AmazonEC2; Status Code: 400; Error Code: InvalidPolicyDocument; Request ID: xxx; Proxy: null)
Here are some obvious problems that the error message could tell you:
- You are missing a principal when one is required. This should be easy to determine by parsing the document for the word “Principal.”
- The principal is not valid if it isn’t an ARN when it’s supposed to be or if it isn’t matching an ID properly in the account. This also seems like it would be easy to parse out?
- The principal needs to start with “AWS” if it doesn’t.
- A colon or a dash is in the wrong place.
- The spacing or indentation is off.
- There’s a problem with a condition.
I don’t know what the problem is with the stack at this point so I reverted to an example in the AWS Documentation as I presume that works and removed my specific principal and resources.
Next I changed one value at a time and redeployed my stack to see which one was causing the error.
After deploying one element of the policy at a time I realized that in addition to some of the above errors I had inadvertently added “Role” on the end of a Role name when I shouldn’t have. It seems like it should be obvious that the ARN is in the correct format, the account ID is correct, but the specific role name doesn’t exist.
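A pre-deployment check for the problems listed above can run locally before the stack is submitted. The following is an added example, not code from the original post or from AWS; `lint_endpoint_policy`, `known_roles` and the sample policy are assumptions made for illustration, and the set of existing role ARNs is expected to be collected beforehand (for example with `aws iam list-roles`).

```python
import json
import re

# arn:<partition>:iam::<12-digit account>:root | role/<name> | user/<name>
PRINCIPAL_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:(root|(role|user)/[\w+=,.@/-]+)$")

def lint_endpoint_policy(policy_text, known_roles=None):
    """Return findings for a policy given as JSON text. known_roles is an assumed,
    caller-supplied set of role ARNs that exist (e.g. from `aws iam list-roles`)."""
    try:
        doc = json.loads(policy_text)
    except json.JSONDecodeError as err:
        return [f"not valid JSON: {err.msg} (line {err.lineno}, column {err.colno})"]
    statements = doc.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for i, stmt in enumerate(statements):
        where = f"Statement[{i}]"
        principal = stmt.get("Principal")
        if principal is None:
            findings.append(f"{where}: no Principal element")
        elif isinstance(principal, dict):
            for key, value in principal.items():
                if key != "AWS":  # rule taken from the post's list: key must be AWS
                    findings.append(f"{where}: principal key {key!r} is not 'AWS'")
                    continue
                for arn in [value] if isinstance(value, str) else value:
                    if arn == "*" or re.fullmatch(r"\d{12}", arn):
                        continue  # wildcard or bare account ID
                    if not PRINCIPAL_ARN.match(arn):
                        findings.append(f"{where}: malformed principal {arn!r}")
                    elif ":role/" in arn and known_roles is not None and arn not in known_roles:
                        findings.append(f"{where}: well-formed ARN but no such role: {arn}")
        elif principal != "*":
            findings.append(f"{where}: Principal must be '*' or an object")
        condition = stmt.get("Condition", {})
        if not isinstance(condition, dict) or not all(isinstance(v, dict) for v in condition.values()):
            findings.append(f"{where}: Condition must map operator -> {{key: value}}")
    return findings

# Constructed sample: the role is really named "Deploy", the policy says "DeployRole".
SAMPLE = """{"Statement": [
  {"Effect": "Allow", "Action": "*", "Resource": "*",
   "Principal": {"AWS": "arn:aws:iam::111122223333:role/DeployRole"}},
  {"Effect": "Allow", "Action": "*", "Resource": "*"}]}"""
KNOWN = {"arn:aws:iam::111122223333:role/Deploy"}

if __name__ == "__main__":
    print("\n".join(lint_endpoint_policy(SAMPLE, KNOWN)))
```
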
AWS, help a dev out and give a little more guidance about these errors in CloudFormation. You’ll save the world a lot of time. #awswishlist
Teri Radichel
© 2nd Sight Lab 2022