AWS CloudFormation YAML gotcha

I just got stuck on a CloudFormation gotcha for an hour. I was trying to add an access policy to an SQS queue to allow SNS to post messages to it, but it gave this error:

An error occurred: myQueue – Invalid value for the parameter Policy. (Service: AmazonSQS; Status Code: 400; Error Code: InvalidAttributeValue).

The CloudFormation YAML for that queue was:

Type: AWS::SQS::QueuePolicy
Properties:
  Queues:
    - Ref: myQueue
  PolicyDocument:
    Id: QueuePolicy
    Version: 2012-10-17
    Statement:
      - Sid: sendMessagesToQueue
        Effect: Allow
        Principal:
          AWS: "*"
        Action:
         - sqs:SendMessage
        Resource: "*"
        Condition:
          ArnEquals:
            aws:SourceArn:
              Ref: myTopic

The problem with this policy is that YAML automatically parses anything that looks like an ISO-formatted date, so when Serverless converted my YAML CloudFormation to JSON to be uploaded, that “2012-10-17” date was transformed to:

 "Version": "2012-10-17T00:00:00.000Z"

Whoops! Adding quotes around the date in the Version field fixes this problem:

Version: "2012-10-17"

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.