API 网关 - 策略文档无效,请检查策略语法
API Gateway - invalid policy document, check policy syntax
通过 AWS 控制台构建 API 网关资源策略。我在 VPC 中有 API 网关。
Error
Invalid policy document. Please check the policy syntax and ensure that Principals are valid.
这是资源策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"arn:aws:execute-api:*:*:*/*"
]
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"arn:aws:execute-api:*:*:*/*"
],
"Condition" : {
"StringNotEquals": {
"aws:SourceVpc": "vpc-0c11234510819ewqe"
},
"StringNotEquals": {
"aws:SourceVpce": "vpc-er345453yrt4543t"
}
}
}
]
}
在condition语句中,如果要表示多个VPC,则需要声明为列表:
"Condition" : {
"StringNotEquals": {
"aws:SourceVpc": [
"vpc-0c11234510819ewqe",
"vpc-er345453yrt4543t"
]
}
}
此外,在 Resource 字段中,删除 arn:aws:
最后,资源策略如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"execute-api:*:*:*/*"
]
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"execute-api:*:*:*/*"
],
"Condition" : {
"StringNotEquals": {
"aws:SourceVpc": ["vpc-0c11234510819ewqe","vpc-er345453yrt4543t"]
}
}
}
]
}
参考:
通过 AWS 控制台构建 API 网关资源策略。我在 VPC 中有 API 网关。
Error Invalid policy document. Please check the policy syntax and ensure that Principals are valid.
这是资源策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"arn:aws:execute-api:*:*:*/*"
]
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"arn:aws:execute-api:*:*:*/*"
],
"Condition" : {
"StringNotEquals": {
"aws:SourceVpc": "vpc-0c11234510819ewqe"
},
"StringNotEquals": {
"aws:SourceVpce": "vpc-er345453yrt4543t"
}
}
}
]
}
在condition语句中,如果要表示多个VPC,则需要声明为列表:
"Condition" : {
"StringNotEquals": {
"aws:SourceVpc": [
"vpc-0c11234510819ewqe",
"vpc-er345453yrt4543t"
]
}
}
此外,在 Resource 字段中,删除 arn:aws:
最后,资源策略如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"execute-api:*:*:*/*"
]
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"execute-api:*:*:*/*"
],
"Condition" : {
"StringNotEquals": {
"aws:SourceVpc": ["vpc-0c11234510819ewqe","vpc-er345453yrt4543t"]
}
}
}
]
}
参考: