
How to create a managed policy in CloudFormation that allows Lambda access to all S3 containers in an AWS environment

I'm trying to create a managed policy for a Lambda that allows it access to all S3 buckets in my environment. This Lambda basically scans the contents of each bucket and keys any object with the prefix archive/ if it is older than thirty days. I'm trying to create the policy in CloudFormation but I keep getting an error when packaging that an end of the stream or document separator is expected. I know this is a YAML error but I'm not sure exactly how to correct it.


 LambdaArchiveAccessPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: LambdaArchiveAccessPolicy
      Description: Policy for allowing lambda to access s3 containers
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          Effect: Allow
          Action: 's3:*'
          Resource: !Sub 'arn:aws:s3:::*'

I suspect how I am defining the resource is wrong. I'd appreciate any guidance or suggestions.

As per the YAML specification here, spacing is important in YAML files, and more specifically:

All sibling nodes must use the exact same indentation level.

In your YAML your first line is indented three spaces, but subsequent indentation is only 2 spaces. Correct the spacing by one and you will resolve your issue.
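
The indentation fix described above, applied as a complete template with a narrower variant beside it. This is an added example, not code from the original post; the second resource's name and its action list are assumptions about what the Lambda needs (list buckets, list objects, then copy and delete objects to re-key them under archive/).

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example showing consistent sibling indentation (two spaces per level)

Resources:
  # The policy from the question with every sibling key at the same indentation level.
  LambdaArchiveAccessPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: LambdaArchiveAccessPolicy
      Description: Policy for allowing lambda to access s3 containers
      PolicyDocument:
        # Quoted so a YAML parser keeps the value as a string.
        Version: '2012-10-17'
        Statement:
          # Same grant as the question: every S3 action on every bucket and object.
          # !Sub is dropped because the ARN contains no variables to substitute.
          - Effect: Allow
            Action: 's3:*'
            Resource: 'arn:aws:s3:::*'

  # Hypothetical narrower variant (assumed name and assumed action list).
  LambdaArchiveScopedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: LambdaArchiveScopedPolicy
      Description: Assumed least-privilege variant for the archive Lambda
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Enumerating buckets is an account-level action, so Resource is '*'.
          - Effect: Allow
            Action: 's3:ListAllMyBuckets'
            Resource: '*'
          # Listing keys is a bucket-level action.
          - Effect: Allow
            Action: 's3:ListBucket'
            Resource: 'arn:aws:s3:::*'
          # Re-keying an object is a copy (read + write) followed by a delete.
          - Effect: Allow
            Action:
              - 's3:GetObject'
              - 's3:PutObject'
              - 's3:DeleteObject'
            Resource: 'arn:aws:s3:::*/*'
```

The scoped variant still covers every bucket, as the question requires, but no longer grants bucket deletion, bucket policy changes or ACL changes that `s3:*` includes.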
