how to combine two IAM policies together-CodePudding

Im new to IAM policies. Trying to combine below two policies and make single one. The role is AmazonEKSVPCCNIRole

below are two policies :

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

and

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "<arn-value>"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "oidc.eks.us-east-1.amazonaws.com/id/<id>:sub": "system:serviceaccount:kube-system:aws-node",
                    "oidc.eks.us-east-1.amazonaws.com/id/<id>:aud": "sts.amazonaws.com"
                }
            }
        }
    ]
}

i just need single policy combining above two policies. Im getting JSON error when trying to combine. please help to create single policy

CodePudding user response：

Can add the element in the statement array separated by comma. This is trust policy and not a normal policy.

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Principal": {
            "Federated": "<arn-value>"
        },
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {
                "oidc.eks.us-east-1.amazonaws.com/id/<id>:sub": "system:serviceaccount:kube-system:aws-node",
                "oidc.eks.us-east-1.amazonaws.com/id/<id>:aud": "sts.amazonaws.com"
            }
        }
    },
 {
        "Effect": "Allow",
        "Principal": {
            "Service": "ec2.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
    }
]

}