Hello Friends,
Googled my best and tried a fix that worked on a different serverless project, but getting this error on a new project and am stumped with a tight timeline. Would be grateful for your perspective.
Serverless Error ---------------------------------------
An error occurred while provisioning your stack: myDefaultRole
- Policy statement must contain resources..
The serverless.yml I’m using is a copy from another working project that deploys successfully to our dev and prod AWS accounts, with of course only the bits refering to the name of the new project being changed.
I checked the yaml with an online linter and it came back green.
This is the content of the serverless.yml:
service: WayCoolLambda
frameworkVersion: “=1.10.2”
custom:
stage: ${opt:stage, self:provider.stage}
version: ${env:BUILD_VERSION, env:RV, self:custom.stage}
aws_account:
dev:
accountid: 12345678910
securityGroupIds:
- sg-XXXXXXX #allow_all_http_in
- sg-XXXXXXX #allow_all_https_in
- sg-XXXXXXX #allow_all_out
subnetIds:
- subnet-XXXXXXX #private
- subnet-XXXXXXX #private
dev:
accountid: ${self:custom.aws_account.dev.accountid}
securityGroupIds: ${self:custom.aws_account.dev.securityGroupIds}
subnetIds: ${self:custom.aws_account.dev.subnetIds}
qa:
accountid: ${self:custom.aws_account.dev.accountid}
securityGroupIds: ${self:custom.aws_account.dev.securityGroupIds}
subnetIds: ${self:custom.aws_account.dev.subnetIds}
preprod:
accountid: ${self:custom.aws_account.dev.accountid}
securityGroupIds: ${self:custom.aws_account.dev.securityGroupIds}
subnetIds: ${self:custom.aws_account.dev.subnetIds}
production:
accountid: 12345678910
securityGroupIds:
- sg-XXXXXXX
subnetIds:
- subnet-XXXXXXX
- subnet-XXXXXXX
provider:
name: aws
runtime: java8
region: us-east-1
role: myDefaultRole
vpc:
securityGroupIds: ${self:custom.${self:custom.stage}.securityGroupIds}
subnetIds: ${self:custom.${self:custom.stage}.subnetIds}
package:
artifact: target/WayCoolLambda-${self:custom.version}.jar
functions:
handleRequest:
handler: com.manheim.waycool.WayCoolHandler::handleRequest
description: WayCool Lambda
environment: ${file(environment-${self:custom.stage}.yml)}
resources:
Resources:
myDefaultRole:
Type: AWS::IAM::Role
Properties:
Path: /
RoleName: ${self:service}-${self:custom.stage}
AssumeRolePolicyDocument:
Version: '2012-10-17’
Statement:
- Effect: Allow
Principal:
Service:
- lambda.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: defaultPolicy
PolicyDocument:
Version: '2012-10-17’
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: arn:aws:logs:::log-group:/aws/lambda/::*
- Effect: "Allow"
Action:
- "s3:PutObject"
Resource:
Fn::Join:
- “”
- - “arn:aws:s3:::”
- “Ref” : “ServerlessDeploymentBucket”
- Effect: Allow
Action:
- ec2:CreateNetworkInterface
- ec2:DescribeNetworkInterfaces
- ec2:DetachNetworkInterface
- ec2:DeleteNetworkInterface
Resource: “*”
It doesn’t look like the formatter for the forum preserves the yaml spacing, but as I said, I checked the yaml in an online linter and it came back OK.
If this is a total gooberhead easy question, please forgive me, but for the life of me, I can’t imagine what could be out of whack. Thank you for taking a moment to look at it with me.