AWS CloudFormation YAML gotcha

I just got stuck on a CloudFormation gotcha for an hour. I was trying to add an access policy to an SQS queue to allow SNS to post messages to it, but it gave this error:

An error occurred: myQueue – Invalid value for the parameter Policy. (Service: AmazonSQS; Status Code: 400; Error Code: InvalidAttributeValue).

The CloudFormation YAML for that queue was:

Type: AWS::SQS::QueuePolicy
Properties:
  Queues:
    - Ref: myQueue
  PolicyDocument:
    Id: QueuePolicy
    Version: 2012-10-17
    Statement:
      - Sid: sendMessagesToQueue
        Effect: Allow
        Principal:
          AWS: "*"
        Action:
         - sqs:SendMessage
        Resource: "*"
        Condition:
          ArnEquals:
            aws:SourceArn:
              Ref: myTopic

The problem with this policy is that YAML automatically parses anything that looks like an ISO-formatted date, so when Serverless converted my YAML CloudFormation to JSON to be uploaded, that “2012-10-17” date was transformed to:

 "Version": "2012-10-17T00:00:00.000Z"

Whoops! Adding quotes around the date in the Version field fixes this problem:

Version: "2012-10-17"

One thought on “AWS CloudFormation YAML gotcha”

  1. Thank you so much for posting this! Had the same problem your blogpost is the only site on the internet that mention this solution

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.