im trying to create an aws iam role policy resource on terraform but i got the following error message: MalformedPolicyDocument: The policy failed legacy parsing
Already tried to parse on json formatters and things like that and the json policy looks fine so idk what im missing, thanks for the help!
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterfacePermission"
],
"Resource": [
"arn:aws:ec2:${var.REGION}:network-interface/*"
],
"Condition": {
"StringEquals": {
"ec2:Subnet": [
"${element(aws_subnet.private.*.id, 0)}",
"${element(aws_subnet.private.*.id, 1)}"
],
"ec2:AuthorizedService": "codebuild.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"${aws_s3_bucket.codebuild.arn}",
"${aws_s3_bucket.codebuild.arn}/*"
]
}
]
}
POLICY
CodePudding user response:
I haven't seen the error before, but Googling tells me the JSON parser/processor AWS is using for IAM policies seems very picky. I.e. Version has to come before Statement, etc.
In your particular case based on a comment I found I guess it might be about white space around your value. The comment says:
Additionally, you cannot have an space before the initial "{".
Thus in Terraform what you might need is a trimspace around the whole value:
policy = trimspace(<<POLICY
{
"Version": "2012-10-17",
[... redacted for readability]
}
POLICY
)