notaproatbash

Reputation: 456

YAML formatting error in CloudFormation. How do I fix this error?

I am writing a YAML-based template for CloudFormation, but I need to fix this error that does not allow the template to work on AWS. When put in a YAML validator it works, but AWS is currently not accepting this:

Properties:
  Code:
    Zipfile:|
import json
import boto3

s3 = boto3.client('s3')

def lambda_handler(event, context):
    # Get bucket name from the S3 event
    print(event)

    bucket_name = event['detail']['requestParameters']['bucketName']

    # Create a bucket policy
    bucket_policy =json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "MustBeEncryptedAtRest",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": [
                    "arn:aws:s3:::{}".format(bucket_name),
                    "arn:aws:s3:::{}/*".format(bucket_name)
                ],
                "Condition": {
                    "StringNotEquals": {
                        "s3:x-amz-server-side-encryption": [
                          -----
                            "aws:kms"
                        ]
                    }
                }
            },
            {
                "Sid": "MustBeEncryptedInTransit",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::{}".format(bucket_name),
                    "arn:aws:s3:::{}/*".format(bucket_name)
                ],
                "Condition": {
                    "Bool": {
                        "aws:SecureTransport": "false"
                        }
                }
            } ] })


    # Set the new policy
    s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy),

  Handler: lambda_handler,
  Role: -----
  Runtime: python3.7

Type: AWS::Events::Rule
Properties:
  EventPattern:  {
                    "source": [
                        "aws.s3"
                    ],
                    "detail-type": [
                        "AWS API Call via CloudTrail"
                    ],
                    "detail": {
                        "eventSource": [
                            "s3.amazonaws.com"
                        ],
                        "eventName": [
                            "CreateBucket"
                        ]
                    }
                }


What do I do to fix this? I have tried putting it in the YAML validator, yet the error message points to line 1, column 1, and I have followed the AWS documentation fully, but something seems to be wrong. Does everything need to be in a string like it is in JSON format?

Upvotes: 0

Views: 1124

Answers (1)

Chris Williams

Reputation: 35146

It appears you have two resources in this template without naming them as separate resources. I have formatted it for you below.

There were a couple of issues with the YAML. The first is the alignment of the structure: whereas in JSON {} and [] define the nested levels, in YAML indentation combined with : is used to provide structure.

With the Lambda code, if you keep it indented under the ZipFile parameter it will be accepted by the formatter. Additionally, the EventPattern within your CloudWatch Event cannot use JSON; it must instead be converted to YAML for this template.

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  LambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Code:
        # Block scalar: everything indented deeper than "ZipFile" is the file body
        ZipFile: |
          import json
          import boto3

          s3 = boto3.client('s3')

          def lambda_handler(event, context):
            # Get bucket name from the CloudTrail CreateBucket event
            print(event)

            bucket_name = event['detail']['requestParameters']['bucketName']

            # Create a bucket policy
            bucket_policy = json.dumps({
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Sid": "MustBeEncryptedAtRest",
                  "Effect": "Deny",
                  "Principal": "*",
                  "Action": "s3:PutObject",
                  "Resource": [
                    "arn:aws:s3:::{}".format(bucket_name),
                    "arn:aws:s3:::{}/*".format(bucket_name)
                  ],
                  "Condition": {
                    "StringNotEquals": {
                      "s3:x-amz-server-side-encryption": [
                        -----
                        "aws:kms"
                      ]
                    }
                  }
                },
                {
                  "Sid": "MustBeEncryptedInTransit",
                  "Effect": "Deny",
                  "Principal": "*",
                  "Action": "s3:*",
                  "Resource": [
                    "arn:aws:s3:::{}".format(bucket_name),
                    "arn:aws:s3:::{}/*".format(bucket_name)
                  ],
                  "Condition": {
                    "Bool": {
                      "aws:SecureTransport": "false"
                    }
                  }
                }
              ]
            })

            # Set the new policy
            s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy)
      # Inline (ZipFile) Python code is stored as index.py, so the handler
      # must be qualified with the module name
      Handler: index.lambda_handler
      Role: '-----'
      Runtime: python3.7
  EventRule:
    Type: 'AWS::Events::Rule'
    Properties:
      EventPattern:
        source:
          - aws.s3
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - s3.amazonaws.com
          eventName:
            - CreateBucket
  EventRule:
    Type: 'AWS::Events::Rule'
    Properties:
      EventPattern:
        source:
          - aws.s3
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - s3.amazonaws.com
          eventName:
            - CreateBucket

Upvotes: 1
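
The answer's template declares the function and the rule but nothing that connects them: an AWS::Events::Rule only invokes a Lambda function if the function is listed under Targets and the function grants events.amazonaws.com permission to invoke it, and the function itself needs an execution role allowed to call s3:PutBucketPolicy. The template below is an added example, not part of the original question or answer. The resource names LambdaRole, InvokePermission and the target Id ApplyBucketPolicy are assumptions; the handler is condensed from the answer's and keeps only the aws:kms encryption value, since the redacted value in the answer is unknown.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Apply an encryption-enforcing bucket policy to every newly created S3 bucket

Resources:
  # Execution role (assumed name): CloudWatch Logs for the function itself,
  # plus the single S3 action the handler actually calls.
  LambdaRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
      Policies:
        - PolicyName: PutBucketPolicyOnly
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: 's3:PutBucketPolicy'
                Resource: 'arn:aws:s3:::*'

  LambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      # Inline code is stored as index.py, hence the module prefix.
      Handler: index.lambda_handler
      Runtime: python3.7
      Role: !GetAtt LambdaRole.Arn
      Code:
        ZipFile: |
          import json
          import boto3

          s3 = boto3.client('s3')

          def lambda_handler(event, context):
              # CloudTrail CreateBucket events carry the name under requestParameters
              bucket = event['detail']['requestParameters']['bucketName']
              arns = ['arn:aws:s3:::{}'.format(bucket), 'arn:aws:s3:::{}/*'.format(bucket)]
              policy = {
                  'Version': '2012-10-17',
                  'Statement': [
                      {'Sid': 'MustBeEncryptedAtRest', 'Effect': 'Deny', 'Principal': '*',
                       'Action': 's3:PutObject', 'Resource': arns,
                       'Condition': {'StringNotEquals': {'s3:x-amz-server-side-encryption': 'aws:kms'}}},
                      {'Sid': 'MustBeEncryptedInTransit', 'Effect': 'Deny', 'Principal': '*',
                       'Action': 's3:*', 'Resource': arns,
                       'Condition': {'Bool': {'aws:SecureTransport': 'false'}}},
                  ],
              }
              s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(policy))

  # "AWS API Call via CloudTrail" events are only delivered while a CloudTrail
  # trail is recording management events in this region.
  EventRule:
    Type: 'AWS::Events::Rule'
    Properties:
      State: ENABLED
      EventPattern:
        source:
          - aws.s3
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - s3.amazonaws.com
          eventName:
            - CreateBucket
      # Without a target the rule matches events but invokes nothing.
      Targets:
        - Id: ApplyBucketPolicy
          Arn: !GetAtt LambdaFunction.Arn

  # EventBridge needs explicit permission to invoke the function; scoping
  # SourceArn to this rule stops other rules or accounts from triggering it.
  InvokePermission:
    Type: 'AWS::Lambda::Permission'
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !Ref LambdaFunction
      Principal: events.amazonaws.com
      SourceArn: !GetAtt EventRule.Arn
```

The !GetAtt and !Ref short forms are only valid in YAML templates, which is one practical reason to keep the whole template in YAML rather than mixing in JSON fragments. Validating with "aws cloudformation validate-template" before deploying catches the structural errors from the question, but it does not check that the rule has a target or that the role grants the action the handler needs; those only show up as a function that is never invoked or an AccessDenied in its logs.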
