Cryptic error message for a one character problem in AWS CloudFormation
I’m trying to deploy an AWS CloudFormation template getting this error:
while parsing a block mapping
in “<unicode string>”, line 18, column 9:
Version: “2012-10-17”
^ (line: 18)
expected <block end>, but found ‘<block sequence start>’
in “<unicode string>”, line 31, column 10:
– Effect: Allow
^ (line: 31)
In this CloudFormation template. Do you see the problem?
Yeah, that lovely error message is fixed like this. Now do you see it?
Seriously which CloudFormation would add some syntax specific errors instead of dumping the generic YAML errors to the screen which are not that helpful for someone new to this. I knew specifically what I changed in this template before I got the error. As a matter of fact, the fix was not what I changed so I don’t know how the problem got into the template at all.
Why in the world it is referencing the version is beyond me. The error is no where near or had anything to do with the version.
Have you figured it out yet? Perhaps even after looking at the corrected version you don’t see it because it’s really hard to spot.
I knew that I added the two MFA conditions. I’ve written about this MFA conditions and possibly incorrect explanation of the logic here, depending on your use case and point of view:
Adding Conditions to AWS IAM, Resource, and Trust Policies
I did not intentionally change the line of code causing the error, nor did I type or delete anything on that line that could have caused those error. Perhaps when I inserted the condition I hit the return key and that caused the second line with “- Effect: allow” to have one less space that it should have. The indentation of the two effect lines do not align in the first version. I added one space and then my template ran correctly.
These error messages could be a lot more helpful if AWS would invest in the time, money, and resources to fix them. It would probably save their customers tons of time in development. There would be less support requests. Not sure if that is a benefit or not to AWS. And additionally, these road blocks probably cause developers to throw their hands up and skip security configurations when things don’t work easily. That’s why I’m writing a lot of sample code to help people deploy things more easily.
Please, please, please test your code every which way and write user-friendly error messages — no matter what code you are writing.
If you liked this story please clap and follow:
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research
© 2nd Sight Lab 2022
____________________________________________
Author:
Cybersecurity for Executives in the Age of Cloud on Amazon
Need Cloud Security Training? 2nd Sight Lab Cloud Security Training
Is your cloud secure? Hire 2nd Sight Lab for a penetration test or security assessment.
Have a Cybersecurity or Cloud Security Question? Ask Teri Radichel by scheduling a call with IANS Research.
Cybersecurity & Cloud Security Resources by Teri Radichel: Cybersecurity and Cloud security classes, articles, white papers, presentations, and podcasts
While parsing a block mapping…expected <block end>, but found ‘<block sequence start>’ was originally published in Bugs That Bite on Medium, where people are continuing the conversation by highlighting and responding to this story.
