how to fix MalformedPolicyDocument

Time:12-14

I am trying to create a trust policy that only grants a specific role access to assume it (role chaining), but when I run terraform, I am getting the below error message:

error updating IAM Role (GitActions_Workflow_role) assume role policy: MalformedPolicyDocument: Invalid principal in policy: "AWS":"arn:aws:iam::12345678910:role/Orchestration_Role"

Please, how can I create a trust policy for a role that only grants another role permission to assume it? How do I fix the error message in my Principal section?

# Role that GitHub Actions workflows end up in; the trust policy below names
# the orchestration role in the same account as the only allowed principal.
resource "aws_iam_role" "GitHubActions" {
  name = var.role_name

  # Trust (assume-role) policy: a single statement letting the orchestration
  # role call sts:AssumeRole on this role.
  assume_role_policy = <<EOF
{
  "Version":"2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {
      "AWS":"arn:aws:iam::${var.oidc_account}:role/${var.orchestration_role_name}"
    },
    "Action": "sts:AssumeRole",
    "Condition": {}
  }
}
EOF
}

variables.tf

variable "role_name" {
  type = string
}

# Not referenced by the trust policy above.
variable "managed_policy" {
  type = string
}

variable "orchestration_role_name" {
  type    = string
  default = "Orchestration_Role"
}

variable "oidc_account" {
  type    = string
  default = "12345678910"
}

CodePudding user response:

The principal role must exist before you try to use it. You can't create aws_iam_role.GitHubActions if Orchestration_Role hasn't been created yet.
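The usual way to guarantee that ordering is to manage both roles in the same Terraform configuration and build the principal from the other resource's `arn` attribute instead of from a hand-assembled string, so Terraform creates Orchestration_Role first. The following is an added example, not code from the question or the answer; the resource names, the variables and the `Service` principal on the orchestration role are assumptions. It also adds a validation on the account ID: AWS account IDs are exactly 12 digits, and the `12345678910` in the question is 11, which on its own produces the same "Invalid principal" error even when the role exists.

```hcl
# Added example: both roles in one configuration so the trust policy's
# principal is a resource reference, which gives Terraform the dependency.

variable "role_name" {
  type    = string
  default = "GitActions_Workflow_role"   # assumed name, taken from the error message
}

variable "oidc_account" {
  type    = string
  default = "123456789012"               # assumed 12-digit placeholder account ID

  # IAM rejects a principal ARN whose account part is not 12 digits with
  # MalformedPolicyDocument: Invalid principal, so catch it at plan time.
  validation {
    condition     = can(regex("^[0-9]{12}$", var.oidc_account))
    error_message = "AWS account IDs are exactly 12 digits."
  }
}

# The role that is allowed to chain into the GitHub Actions role.
# Assumption: it is assumed by EC2; substitute whatever actually assumes it.
resource "aws_iam_role" "orchestration" {
  name = "Orchestration_Role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role" "github_actions" {
  name = var.role_name

  # Referencing aws_iam_role.orchestration.arn (rather than interpolating a
  # string) makes Terraform create the orchestration role before this one,
  # so the principal exists when IAM validates the trust policy.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { AWS = aws_iam_role.orchestration.arn }
      Action    = "sts:AssumeRole"
    }]
  })
}
```

Two caveats for role-chaining trust policies. If Orchestration_Role lives in a different account or is managed elsewhere, the resource reference is not available; keep the literal ARN, apply that configuration first, and the empty `"Condition": {}` in the question can simply be dropped. Second, IAM stores a role principal by its unique ID, so if the orchestration role is ever deleted and recreated, the trust policy on the GitHub Actions role will show an `AROA…` ID instead of the ARN and stop matching; re-running `terraform apply` rewrites it with the new role's ARN.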
