AWS malformed policy error


Amazon Web-Services Problem Overview


I am trying to set an AWS group policy via the AWS CLI like so:

aws iam put-group-policy --group-name my-group --policy-name \
    s3-full-access --policy-document /tmp/policy.json

This is the content of /tmp/policy.json:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-bucket*"
    }
  ]
}

I keep getting the following error:

A client error (MalformedPolicyDocument) occurred when calling the PutGroupPolicy operation: The policy is not in the valid JSON format.

I do not know how to proceed; the error is too unspecific. Anyone able to help?

Amazon Web-Services Solutions


Solution 1 - Amazon Web-Services

Solved this riddle!

There has to be a file:// prefix in front of the policy file name:

aws iam put-group-policy --group-name my-group --policy-name s3-full-access --policy-document file:///tmp/policy.json

The original error message is very misleading, as you get the same message if you provide a filename that does not exist at all.

So it is not the syntax of the policy in the file but the fact that the CLI does not see the file at all, that causes the error.
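A pre-flight check for the behaviour described in this answer, added here as an example (it is not part of the original answer and is not AWS CLI code). It assumes that a value starting with `file://` is read from the local path after the prefix and that any other value is sent verbatim as the policy text; `diagnose_policy_argument` and its status strings are hypothetical names.

```python
import json
import os
import tempfile

PREFIX = "file://"

# Constructed sample: the policy document from the question.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["s3:ListAllMyBuckets"], "Effect": "Allow",
         "Resource": "arn:aws:s3:::*"},
        {"Action": "s3:*", "Effect": "Allow",
         "Resource": "arn:aws:s3:::my-bucket*"},
    ],
}


def diagnose_policy_argument(value):
    """Classify a --policy-document value before it is sent to IAM.

    Assumption: a value starting with file:// is read from the local path
    that follows the prefix; any other value is sent verbatim as the policy.
    """
    from_file = value.startswith(PREFIX)
    if from_file:
        path = os.path.expanduser(value[len(PREFIX):])
        if not os.path.isfile(path):
            return "missing-file", path
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = value  # the literal string itself becomes the policy text
    try:
        doc = json.loads(text)
    except ValueError as exc:
        if from_file:
            return "file-not-json", str(exc)
        hint = "exists" if os.path.isfile(value) else "does not exist"
        return "literal-not-json", f"no {PREFIX} prefix; path {hint} locally"
    if not isinstance(doc, dict) or "Statement" not in doc:
        return "not-a-policy", "JSON parsed but has no Statement element"
    return "ok", "parsed policy document"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "policy.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE_POLICY, fh)
        for arg in (path, PREFIX + path, "/no/such/policy.json"):
            print(arg, "->", diagnose_policy_argument(arg))
```

A bare path and a nonexistent path both come back as `literal-not-json`, which matches the identical error message reported above for both cases.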

Solution 2 - Amazon Web-Services

I was facing the same issue on Windows 10 and this helped me.

**file**: followed by **two forward slashes**, like "file://"
**Path on Windows 10**: followed by **backslashes**, like "c:\Users\Anand\Desktop\anand-jan19.json"

C:\Users\Anand>aws iam create-policy --policy-name anand-jan19 --policy-document file://c:\Users\Anand\Desktop\anand-jan19.json
{
    "Policy": {
        "PolicyName": "anand-jan19",
        "PolicyId": "EQWEQBV33ewrwYCRCS",
        "Arn": "arn:aws:iam::56433378:policy/anand-jan19",
        "Path": "/",
        "DefaultVersionId": "v1",
        "AttachmentCount": 0,
        "PermissionsBoundaryUsageCount": 0,
        "IsAttachable": true,
        "CreateDate": "2019-02-10T04:03:32Z",
        "UpdateDate": "2019-02-10T04:03:32Z"
    }
}

Solution 3 - Amazon Web-Services

PS command: Example 1.

aws iam create-role --role-name vmimport --assume-role-policy-document file:///policy/trust-policy.json

Actual path: C:\policy\trust-policy.json

PS command: Example 2.

aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file:///policy/role-policy.json

Actual path: C:\policy\role-policy.json

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

| Content Type | Original Author | Original Content on Stackoverflow |
| --- | --- | --- |
| Question | Alexander Presber | View Question on Stackoverflow |
| Solution 1 - Amazon Web-Services | Alexander Presber | View Answer on Stackoverflow |
| Solution 2 - Amazon Web-Services | Anand Kushwaha | View Answer on Stackoverflow |
| Solution 3 - Amazon Web-Services | Rupesh Diwaker | View Answer on Stackoverflow |