How Do You Know the Syntax of the JSON for the --policy-document Flag for Adding Policies to a Role in AWS?

One of the following scenarios applies:

Problem scenario #1
You want to run a command like this:
aws iam put-role-policy --role-name contintdelete-role --policy-name DELETEPOLICY --policy-document file://adminPolicy.json

But you do not know the syntax of the adminPolicy.json.

Problem scenario #2
You are trying to use the --policy-document flag with the command "aws iam put-role-policy", but you get this error:

An error occurred (MalformedPolicyDocument) when calling the PutRolePolicy operation: Syntax errors in policy.

Problem scenario #3
You created a role with this command:
aws iam create-role --role-name contintdelete-role --assume-role-policy-document file://Test-Role-Trust-Policy.json

How do you create a role that works (and uses other AWS managed policies) using the AWS CLI?

Solution
Make sure your adminPolicy.json file, which is passed to the mandatory --policy-document option, has syntax like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "iam:AmazonEKSClusterPolicy",
        "iam:AmazonEKSWorkerNodePolicy",
        "iam:AmazonEC2ContainerRegistryReadOnly"
      ],
      "Resource": "arn:aws:iam::123456789:role/contintdelete-role"
    }
  ]
}

(The input file does not need to have the .json extension. The example above has the policies for a role that creates a node in EKS.)
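An added check, not part of the original post: the Python script below lints a policy document offline for the structural faults that produce MalformedPolicyDocument (invalid JSON, missing Effect/Action/Resource, malformed action strings, an Allow on Action "*") and flags Action entries that are AWS managed policy names rather than service:Action strings; managed policies such as AmazonEKSWorkerNodePolicy are attached to a role with aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy rather than named inside an inline policy. The managed-name prefix test is a heuristic of my own, and the embedded sample document is the JSON from the post.

```python
import json
import re

ACTION_RE = re.compile(r"^[a-zA-Z0-9-]+:[a-zA-Z0-9*]+$")  # service:Action form
# Heuristic (my own): IAM action names do not start with "Amazon"/"AWS", managed policy names do.
MANAGED_NAME_RE = re.compile(r"^(Amazon|AWS)[A-Z]")

# The policy document from the post, embedded as sample input.
POST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "", "Effect": "Allow",
    "Action": ["iam:AmazonEKSClusterPolicy", "iam:AmazonEKSWorkerNodePolicy",
               "iam:AmazonEC2ContainerRegistryReadOnly"],
    "Resource": "arn:aws:iam::123456789:role/contintdelete-role"}]
}"""

def lint_policy_text(text):
    """Return a list of problems; an empty list means put-role-policy should accept the document."""
    try:
        doc = json.loads(text)
    except ValueError as exc:  # the usual cause of MalformedPolicyDocument
        return [f"Invalid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["Top level must be a JSON object"]
    problems = []
    if doc.get("Version") != "2012-10-17":
        problems.append('Version should be "2012-10-17"')
    statements = doc.get("Statement")
    if isinstance(statements, dict):
        statements = [statements]  # IAM also accepts a single statement object
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement must be a non-empty list"]
    for i, st in enumerate(statements):
        where = f"Statement[{i}]"
        if st.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{where}: Effect must be Allow or Deny")
        if ("Action" in st) == ("NotAction" in st):
            problems.append(f"{where}: exactly one of Action/NotAction is required")
        if "Resource" not in st and "NotResource" not in st:
            problems.append(f"{where}: Resource or NotResource is required")
        actions = st.get("Action", st.get("NotAction", []))
        for a in [actions] if isinstance(actions, str) else actions:
            if a == "*":
                if st.get("Effect") == "Allow":
                    problems.append(f"{where}: Allow with Action * is overly permissive")
            elif not ACTION_RE.match(a):
                problems.append(f"{where}: {a!r} is not a service:Action string")
            elif MANAGED_NAME_RE.match(a.split(":", 1)[1]):
                problems.append(f"{where}: {a!r} looks like a managed policy name; attach it with attach-role-policy --policy-arn instead")
    return problems
```

Run lint_policy_text(open("adminPolicy.json").read()) before calling put-role-policy; on the post's own document it reports the three managed-policy names.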
