AWS Cloudformation [/Resources/PrivateGateway/Properties] 'null' values are not allowed in templates

问题

I am trying to run a Cloudformation template to create a private API Gateway, I am getting a null value error, not able to figure out why,
Following is the template I'm trying to work with -

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: Api Template Stack

Parameters:
    VpcId:
        Type: String
        Default: "vpc-xxxxxx"

Resources:
    PrivateGateway:
        Type: 'AWS::ApiGateway::RestApi'
        Properties:
        Name: 'private-gw'
        EndpointConfiguration:
            Types:
            - PRIVATE
        Policy: !Sub |
          {
            "Version": "2012-10-17",
            "Statement": [
                {
                "Effect": "Deny",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*",
                "Condition": {
                    "StringNotEquals": {
                    "aws:sourceVpc": !Ref VpcId
                    }
                }
                },
                {
                "Effect": "Allow",
                "Principal": "*",
                "Action": "execute-api:Invoke",
                "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*"
                }
            ]
          }

Error -

[/Resources/PrivateGateway/Properties] 'null' values are not allowed in templates

回答1:

From what I can tell, this appears to be a yaml parsing error, rather than a CloudFormation error.

Because this is a yaml template, it is subject to the yaml specification.

Each node must be indented further than its parent node. All sibling nodes must use the exact same indentation level. However the content of each sibling node may be further indented independently.

In your example, the nodes under Properties are not indented further, so they are not considered children of that node, but siblings. This is very likely why you are getting a 'null' values message, as the Properties node is considered 'empty' or 'null'.

Try adding two spaces at the beginning of every line under the 'Properties:' line. This will make the nodes such as Name, EndpointConfiguration, and Policy as child nodes to the Properties node.

回答2:

Was able to resolve it using the Curly braces for substituting the VpcId in the Policy -

AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: Api Template Stack

Parameters:
    VpcId:
        Type: String
        Default: "vpc-xxxxxx"

Resources:
    PrivateGateway:
        Type: 'AWS::ApiGateway::RestApi'
        Properties:
            Name: 'private-gw'
            EndpointConfiguration:
                Types:
                - PRIVATE
            Policy: !Sub |
            {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Deny",
                        "Principal": "*",
                        "Action": "execute-api:Invoke",
                        "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*",
                        "Condition": {
                            "StringNotEquals": {
                                "aws:sourceVpc": "${VpcId}"
                            }
                        }
                    },
                    {
                        "Effect": "Allow",
                        "Principal": "*",
                        "Action": "execute-api:Invoke",
                        "Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*"
                    }
                ]
            }

来源：https://stackoverflow.com/questions/57790229/aws-cloudformation-resources-privategateway-properties-null-values-are-not