0 votes
2 views
in AWS by (19.1k points)

I am trying out a simple example suggested by the AWS documentation to create a role using a policy JSON file:

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html

And I get the error:

A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource

Here's the command,

>> aws iam create-role --role-name test-service-role --assume-role-policy-document file:///home/ec2-user/policy.json

A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource

The policy is the exact same as the one mentioned in the example

>> cat policy.json 

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "arn:aws:s3:::example_bucket"
  }
}

My version seems to be up to date

>> aws --version

aws-cli/1.9.9 Python/2.7.10 Linux/4.1.10-17.31.amzn1.x86_64 botocore/1.3.9

1 Answer

0 votes
by (44.4k points)

For this, you would need to create a trust relationship policy.

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}

Use this trust relationship policy document. This is not a normal policy document; you have to provide this in the trust relationship tab available in roles.
