I’m using AWS SAM to deploy a Lambda using cloudformation. The lambda uses the StartInstancesCommand,StopInstancesCommand and DescribeInstancesCommand api to turn instances on and off on schedule.
Using both the EC2DescribePolicy or EC2FullAccessPolicy SAM policy templates, I have been encountering the following error on:
sam deploy
1 validation error detected: Value
‘EC2DescribePolicy’ at ‘policyArn’
failed to satisfy constraint:
Member must have length greater
than or equal to 20 (Service:
AmazonIdentityManagement;
Status Code: 400; Error Code: ValidationError;
How can I fix this error? Do I have to specify ‘policyArn’ manually?
My template.yaml:
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
test-function
Resources:
TestFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: test-function/
Handler: app.lambdaHandler
Runtime: nodejs16.x
MemorySize: 512
Timeout: 60
Policies:
- AWSLambdaBasicExecutionRole
- AWSLambdaVPCAccessExecutionRole
- EC2DescribePolicy
Architectures:
- x86_64
Events:
ScheduledEvent:
Type: Schedule
Properties:
Schedule: cron(0 8 * * ? *)
Enabled: True
Version information:
$ sam --version
SAM CLI, version 1.60.0
$ node --version
v16.17.0
$ docker --version
Docker version 20.10.17, build 100c701
$ python3 --version
Python 3.9.6
>Solution :
The documentation states:
For every policy template you specify in your AWS SAM template file, you must always specify an object containing the policy template’s placeholder values. If a policy template does not require any placeholder values, you must specify an empty object.
So you should have:
Policies:
- AWSLambdaBasicExecutionRole
- AWSLambdaVPCAccessExecutionRole
- EC2DescribePolicy : {}