Intellipaat Back

Explore Courses Blog Tutorials Interview Questions
0 votes
2 views
in AWS by (19.1k points)

I am trying out a simple example suggested by AWS documentation to create a role using a policy json file

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html And I get the error

A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource

Here's the command,

>> aws iam create-role --role-name test-service-role --assume-role-policy-document file:///home/ec2-user/policy.json

A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource

The policy is the exact same as the one mentioned in the example

>> cat policy.json 

{

  "Version": "2012-10-17",

  "Statement": {

    "Effect": "Allow",

    "Action": "s3:ListBucket",

    "Resource": "arn:aws:s3:::example_bucket"

  

}

My version seems to be up to date

>> aws --version

aws-cli/1.9.9 Python/2.7.10 Linux/4.1.10-17.31.amzn1.x86_64 botocore/1.3.9

1 Answer

0 votes
by (44.4k points)

For this, you would need to create a trust relationship policy.

{

  "Version": "2012-10-17",

  "Statement": {

    "Effect": "Allow",

    "Principal": {"Service": "ec2.amazonaws.com"},

    "Action": "sts:AssumeRole"

  

}

Use this trust relationship policy document. This is not a normal policy document, you have to provide this in the trust relationship tab available in roles.

If you wish to know more about this online storage solution by amazon, you can read Amazon S3Do you want to master AWS, then do checkout the aws certification training by Intellipaat.

Related questions

0 votes
1 answer
Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

0 votes
2 answers

1.2k questions

2.7k answers

501 comments

693 users

Browse Categories

...