MalformedPolicyDocument error while creating policy via terraform

When starting terraform, the following error occurs:

* aws_iam_role_policy.rds_policy: Error putting IAM role policy my-rds-policy: MalformedPolicyDocument: The policy failed legacy parsing 

Here is my resource definition:

resource "aws_iam_role_policy" "rds_policy" {
  name   = "my-rds-policy"
  role   = "${aws_iam_role.rds_role.id}"
  policy = <<EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:GetBucketLocation"
          ],
          "Resource": [
            "arn:aws:s3:::my-bucket"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:GetObjectMetaData",
            "s3:GetObject",
            "s3:PutObject",
            "s3:ListMultipartUploadParts",
            "s3:AbortMultipartUpload"
          ],
          "Resource": [
            "arn:aws:s3:::my-bucket/backups/*"
          ]
        }
      ]
    }
EOF
}

The JSON policy document is well-formed and I don't see anything obvious.

1 answer

You need to make sure that you have no indentation at the beginning of your EOF heredoc, because your JSON policy should not start with indentation.

So you should be fine with this simple change:

resource "aws_iam_role_policy" "rds_policy" {
  name   = "my-rds-policy"
  role   = "${aws_iam_role.rds_role.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObjectMetaData",
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket/backups/*"
      ]
    }
  ]
}
EOF
}
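As an added example (not part of the question or the answer above), the same policy written with Terraform's jsonencode() instead of a heredoc; it assumes Terraform 0.12 or later syntax. Because jsonencode() serialises the HCL object into compact JSON, the indentation of the block can never leak into the document IAM parses, so the "failed legacy parsing" error cannot arise from whitespace at all.

```hcl
resource "aws_iam_role_policy" "rds_policy" {
  name = "my-rds-policy"
  role = aws_iam_role.rds_role.id

  # jsonencode() emits compact JSON with no leading whitespace, and
  # Terraform validates the structure at plan time rather than IAM
  # rejecting it at apply time.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket", "s3:GetBucketLocation"]
        Resource = ["arn:aws:s3:::my-bucket"]
      },
      {
        Effect = "Allow"
        Action = [
          "s3:GetObjectMetaData",
          "s3:GetObject",
          "s3:PutObject",
          "s3:ListMultipartUploadParts",
          "s3:AbortMultipartUpload",
        ]
        # Scoped to the backups prefix only, as in the original policy.
        Resource = ["arn:aws:s3:::my-bucket/backups/*"]
      },
    ]
  })
}
```

Note that IAM accepts action names it does not recognise without error, so an action such as "s3:GetObjectMetaData" is stored but grants nothing; run the policy through IAM Access Analyzer's policy validation (or `aws accessanalyzer validate-policy`) to catch such entries before they are relied on.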

Source: https://habr.com/ru/post/1265140/
