While parsing a block mapping…expected <block end>, but found ‘<block sequence start>’
Cryptic error message for a one character problem in AWS CloudFormation
I’m trying to deploy an AWS CloudFormation template and getting this error:
while parsing a block mapping
in "<unicode string>", line 18, column 9:
Version: "2012-10-17"
^ (line: 18)
expected <block end>, but found '<block sequence start>'
in "<unicode string>", line 31, column 10:
- Effect: Allow
^ (line: 31)

In this CloudFormation template. Do you see the problem?

Yeah, that lovely error message is fixed like this. Now do you see it?

Seriously wish CloudFormation would add some syntax-specific errors instead of dumping the generic YAML errors to the screen, which are not that helpful for someone new to this. I knew specifically what I changed in this template before I got the error. As a matter of fact, the fix was not what I changed, so I don’t know how the problem got into the template at all.
Why in the world it is referencing the version is beyond me. The error is nowhere near the version, nor did it have anything to do with it.
Have you figured it out yet? Perhaps even after looking at the corrected version you don’t see it because it’s really hard to spot.
I knew that I added the two MFA conditions. I’ve written about these MFA conditions and a possibly incorrect explanation of the logic here, depending on your use case and point of view:
I did not intentionally change the line of code causing the error, nor did I type or delete anything on that line that could have caused that error. Perhaps when I inserted the condition I hit the return key and that caused the second line with “- Effect: allow” to have one less space than it should have. The indentation of the two effect lines does not align in the first version. I added one space and then my template ran correctly.
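
A check for this kind of misalignment that can run before deployment, as an added example (not code from this post or from AWS): it flags any line that dedents to a column matching no block that is still open, which is the condition behind "expected <block end>". The template, the resource name MfaPolicy and the function find_misaligned are constructed for illustration, and the heuristic assumes block-style YAML indented with spaces, without block scalars or multi-line flow collections.

```python
# Added example: a stdlib-only heuristic, not PyYAML's or CloudFormation's logic.
# Constructed sample template: the second "- Effect" has 9 leading spaces, not 10.
TEMPLATE = """\
Resources:
  MfaPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: "iam:ListUsers"
            Resource: "*"
            Condition:
              Bool:
                aws:MultiFactorAuthPresent: "true"
         - Effect: Allow
           Action: "iam:GetUser"
           Resource: "*"
"""


def find_misaligned(text):
    """Return (line, column, open_columns) per bad dedent, 1-based like YAML errors."""
    findings = []
    stack = [0]  # 0-based indentation columns of the blocks currently open
    for line_no, raw in enumerate(text.splitlines(), start=1):
        body = raw.lstrip(" ")
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(body)
        dedented = indent < stack[-1]
        while stack[-1] > indent:
            stack.pop()
        if indent > stack[-1]:
            if dedented:  # landed between two open levels: misaligned
                findings.append((line_no, indent + 1, [c + 1 for c in stack]))
            stack.append(indent)
        if body.startswith("- "):
            # the mapping inside a list item starts after the "- "
            stack.append(indent + len(body) - len(body[2:].lstrip(" ")))
    return findings


if __name__ == "__main__":
    for line_no, col, levels in find_misaligned(TEMPLATE):
        print(f"line {line_no}, column {col} matches no open block; open: {levels}")
```

On the sample, the innermost open column reported is 9, the mapping that begins at Version. A YAML parser names the start of the enclosing mapping as the first location in this error, which is why the message points at the Version line.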

These error messages could be a lot more helpful if AWS would invest the time, money, and resources to fix them. It would probably save their customers tons of time in development. There would be fewer support requests. And additionally, these roadblocks probably cause developers to throw their hands up and skip security configurations when things don’t work easily. That’s why I’m writing a lot of sample code to help people deploy things more easily.
Please, please, please test your code every which way and write user-friendly error messages — no matter what code you are writing.
Teri Radichel | © 2nd Sight Lab 2022






