Im new to IAM policies. Trying to combine below two policies and make single one. The role is AmazonEKSVPCCNIRole
below are two policies :
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
and
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "<arn-value>"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"oidc.eks.us-east-1.amazonaws.com/id/<id>:sub": "system:serviceaccount:kube-system:aws-node",
"oidc.eks.us-east-1.amazonaws.com/id/<id>:aud": "sts.amazonaws.com"
}
}
}
]
}
i just need single policy combining above two policies. Im getting JSON error when trying to combine. please help to create single policy
CodePudding user response:
Can add the element in the statement array separated by comma. This is trust policy and not a normal policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "<arn-value>"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"oidc.eks.us-east-1.amazonaws.com/id/<id>:sub": "system:serviceaccount:kube-system:aws-node",
"oidc.eks.us-east-1.amazonaws.com/id/<id>:aud": "sts.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}