Lambda SAM deploy giving error 'EC2DescribePolicy' at 'policyArn' failed to satisfy constraint: Member must have length greater than or equal to 20
I'm using AWS SAM to deploy a Lambda using cloudformation. The lambda uses the StartInstancesCommand,StopInstancesCommand and DescribeInstancesCommand api to turn instances on and off on schedule.
Using both the EC2DescribePolicy or EC2FullAccessPolicy SAM policy templates, I have been encountering the following error on:
sam deploy
1 validation error detected: Value 'EC2DescribePolicy' at 'policyArn' failed to satisfy constraint: Member must have length greater than or equal to 20 (Service: AmazonIdentityManagement; Status Code: 400; Error Code: ValidationError;
How can I fix this error? Do I have to specify 'policyArn' manually?
My template.yaml:
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
test-function
Resources:
TestFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: test-function/
Handler: app.lambdaHandler
Runtime: nodejs16.x
MemorySize: 512
Timeout: 60
Policies:
- AWSLambdaBasicExecutionRole
- AWSLambdaVPCAccessExecutionRole
- EC2DescribePolicy
Architectures:
- x86_64
Events:
ScheduledEvent:
Type: Schedule
Properties:
Schedule: cron(0 8 * * ? *)
Enabled: True
Version information:
$ sam --version
SAM CLI, version 1.60.0
$ node --version
v16.17.0
$ docker --version
Docker version 20.10.17, build 100c701
$ python3 --version
Python 3.9.6
The documentation states:
For every policy template you specify in your AWS SAM template file, you must always specify an object containing the policy template's placeholder values. If a policy template does not require any placeholder values, you must specify an empty object.
So you should have:
Policies:
- AWSLambdaBasicExecutionRole
- AWSLambdaVPCAccessExecutionRole
- EC2DescribePolicy : {}
- AWS RDS restoring snapshot with upgraded engine version giving error
- Error with not existing instance profile while trying to get a django project running on AWS Beanstalk
- Timeout when trying to retrieve EC2 instance-id metadata from within it
- Lease table is not updated when new shards are added causing stale workers in KCL
- libsndfile.so.1: cannot open shared object file: No such file or directory
- Why does ECS binpack strategy on memory always scale up a new EC2 instance despite available resources?
- How to pull every single image (tag or untagged) from AWS ECR?
- In CloudFormation how can I link RDS and Secrets Manager so I don't have to hardcode the password?
- How to install postgresql-client to Amazon EC2 Linux machine?
- PyCharm: Why "Python Console" is not accessing ~\.aws\credentials file? How to set it within "Python Console"
- Is it possible to run aws s3 sync with boto3?
- Python 3 asyncio with aioboto3 seems sequential
- Serverless / AWS Lambda - Create the triggers for the published lambda versions
- AWS Glue missing permissions
- Invoking lambda from API gateway test, but hitting the endpoint does not invoke the lambda. 500 returned
- terraform destroy needs original terraform code to destroy?
- How to correctly/safely access parameters from AWS SSM Parameter store for my Python script on EC2 instance?
- Why is my image not displaying on my Web page?
- How to copy blobs from azure to aws using python?
- S3 Bucket action doesn't apply to any resources
- Couldn't proceed with upgrade process as new nodes are not joining node group standard-workers
- How to customize "From" name for SNS emails
- Changing the name of a Load Balancer on AWS Console
- AWS S3 Bucket Access Issue with IAM User Permissions
- how to decrease the exceution time of aws lambda function nodejs
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- Downloading an entire S3 bucket?
- Unable to unzip .zip file on linux machine
- Missing Authentication Token while accessing API Gateway?
- AWS S3 Access Denied when open object URL in browser