One of the following scenarios applies:
Problem scenario #1
You want to run a command like this:
aws iam put-role-policy --role-name contintdelete-role --policy-name DELETEPOLICY --policy-document file://adminPolicy.json
But you do not know the syntax of the adminPolicy.json.
Problem scenario #2
You are trying to use the --policy-document flag with the command "aws iam put-role-policy". But you get this error:
An error occurred (MalformedPolicyDocument) when calling the PutRolePolicy operation: Syntax errors in policy.
Problem scenario #3
You created a role with this command:
aws iam create-role --role-name contintdelete-role --assume-role-policy-document file://Test-Role-Trust-Policy.json
How do you create a role that works (and uses other AWS managed policies) using the AWS CLI?
Solution
Make sure your adminPolicy.json file, which is passed to the mandatory --policy-document option, has syntax like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "iam:AmazonEKSClusterPolicy",
        "iam:AmazonEKSWorkerNodePolicy",
        "iam:AmazonEC2ContainerRegistryReadOnly"
      ],
      "Resource": "arn:aws:iam::123456789:role/contintdelete-role"
    }
  ]
}
(The input file does not need to have the .json extension. The example above has the policies for a role to create a node in EKS.)
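
A pre-flight check for the policy file, as an added example that is not part of the original page: it parses the document locally and reports common causes of MalformedPolicyDocument before `aws iam put-role-policy` is called. The function name `lint_role_policy`, the sample input and the choice of checks are assumptions made here and cover only part of what IAM validates; it also flags Action entries that are AWS managed policy names, because managed policies are attached to a role by ARN with `aws iam attach-role-policy` rather than listed as actions.

```python
import json
import re

# AWS managed policy names from this page: attached by ARN, not granted as actions.
MANAGED = {"AmazonEKSClusterPolicy", "AmazonEKSWorkerNodePolicy",
           "AmazonEC2ContainerRegistryReadOnly"}
ACTION_RE = re.compile(r"^(\*|[A-Za-z0-9-]+:[A-Za-z0-9*?]+)$")
# Constructed sample input: trailing comma after the last Action entry.
SAMPLE = ('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
          '"Action": ["s3:GetObject",], "Resource": "*"}]}')


def as_list(value):
    """Statement, Action and Resource may each be a single value or a list."""
    return value if isinstance(value, list) else [value]


def lint_role_policy(text):
    """Return findings for an inline role policy document (hypothetical helper)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno} column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict) or not doc.get("Statement"):
        return ["document must be a JSON object with a non-empty Statement"]
    findings = []
    if doc.get("Version") != "2012-10-17":
        findings.append('Version should be "2012-10-17"')
    for i, st in enumerate(as_list(doc["Statement"])):
        if not isinstance(st, dict):
            findings.append(f"Statement[{i}]: must be a JSON object")
            continue
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: Effect must be Allow or Deny")
        if "Principal" in st:
            findings.append(f"Statement[{i}]: Principal belongs in the trust policy")
        for pair in (("Action", "NotAction"), ("Resource", "NotResource")):
            if not st.keys() & set(pair):
                findings.append(f"Statement[{i}]: {pair[0]} is missing")
        for action in as_list(st.get("Action", st.get("NotAction", []))):
            if not isinstance(action, str) or not ACTION_RE.match(action):
                findings.append(f"Statement[{i}]: {action!r} is not in service:action form")
            elif action.split(":")[-1] in MANAGED:
                findings.append(f"Statement[{i}]: {action!r} is a managed policy name, not an action")
    return findings


if __name__ == "__main__":
    print(lint_role_policy(SAMPLE))
```

An empty list means none of these checks fired; IAM still has the final say when the command runs.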