aws · marekaiv · Dec 20, 2021 · Dec 20, 2021
@@ -702,6 +702,9 @@ def _add_auth(self):
             self._set_default_apikey_required(swagger_editor)
 
         if auth_properties.ResourcePolicy:
+            SwaggerEditor.validate_is_dict(
+                auth_properties.ResourcePolicy, "ResourcePolicy must be a map (ResourcePolicyStatement)."
+            )
             for path in swagger_editor.iter_on_path():
                 swagger_editor.add_resource_policy(auth_properties.ResourcePolicy, path, self.stage_name)
             if auth_properties.ResourcePolicy.get("CustomStatements"):

@@ -0,0 +1,25 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Bad, bad resource policy
+Resources:
+  APIGatewayVpcEndpoint:
+    Type: AWS::EC2::VPCEndpoint
+    Properties:
+      SubnetIds:
+      - subnet-01234567
+      - subnet-12345678
+      SecurityGroupIds:
+      - sg-0a0a0a0a0a0a0a0a0
+      ServiceName: com.amazonaws.eu-west-1.execute-api
+      VpcId: vpc-0a0a0a0a
+      VpcEndpointType: Interface
+      PrivateDnsEnabled: false
+  ServerlessApi:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: prod
+      EndpointConfiguration:
+        Type: PRIVATE
+        VPCEndpointIds:
+        - Ref: APIGatewayVpcEndpoint
+      Auth:
+        ResourcePolicy: IntrinsicVpceWhitelist:! Ref APIGatewayVpcEndpoint
@@ -1,3 +1,3 @@
 {
-  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Structure of the SAM template is invalid. Resource Policy is not a valid dictionary."
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Structure of the SAM template is invalid. ResourcePolicy must be a map (ResourcePolicyStatement)."
 }
@@ -0,0 +1,3 @@
+{
+  "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Structure of the SAM template is invalid. ResourcePolicy must be a map (ResourcePolicyStatement)."
+}