I just got stuck on a CloudFormation gotcha for an hour. I was trying to add an access policy to an SQS queue to allow SNS to post messages to it, but it gave this error:
An error occurred: myQueue – Invalid value for the parameter Policy. (Service: AmazonSQS; Status Code: 400; Error Code: InvalidAttributeValue).
The CloudFormation YAML for that queue was:
Type: AWS::SQS::QueuePolicy Properties: Queues: - Ref: myQueue PolicyDocument: Id: QueuePolicy Version: 2012-10-17 Statement: - Sid: sendMessagesToQueue Effect: Allow Principal: AWS: "*" Action: - sqs:SendMessage Resource: "*" Condition: ArnEquals: aws:SourceArn: Ref: myTopic
The problem with this policy is that YAML automatically parses anything that looks like an ISO-formatted date, so when Serverless converted my YAML CloudFormation to JSON to be uploaded, that “2012-10-17” date was transformed to:
Whoops! Adding quotes around the date in the Version field fixes this problem:
4 thoughts on “AWS CloudFormation YAML gotcha”
Thank you so much for posting this! Had the same problem your blogpost is the only site on the internet that mention this solution
Description: This template creates a new SQS Standard Queue
Queues: [ !Ref ‘SQSQueue’ ]
– Sid: Allow-User-SendMessage
– sqs: SendMessage
– sqs: ReceiveMessage
– sqs: DeleteMessage
Resource: !GetAtt [SQSQueue, Arn]
Description: URL of newly created SQS Queue
Your Version in your SQSQueuePolicy needs quotes around it:
If you’re getting an error message then state the message.
Thanks for that!!
It took me more than one hour… to find your blog 😉