0 votes
2 views
in AWS by (5.6k points)

When I try to create an IAM role with an existing managed policy:

"SomeRole":
        {
            "Type": "AWS::IAM::Role",
            "Properties":
            {
                "AssumeRolePolicyDocument": {},
                "ManagedPolicyArns":
                [
                    "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess",
                    "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
                    "arn:aws:iam::aws:policy/CloudWatchFullAccess"
                ],
                "RoleName": "SomeRole"
            }
        },

But I'm getting a syntax error at position (1,3).

1 Answer

0 votes
by (12.4k points)

Seems like you need to have some value in the "AssumeRolePolicyDocument".

Try with the below code:

{
  "Resources": {
    "NewRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess",
          "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
          "arn:aws:iam::aws:policy/CloudWatchFullAccess"
        ]
      }
    }
  }
}
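A pre-deployment check for the problem discussed above, as an added example that is not part of the original question or answer: it walks a CloudFormation JSON template and reports every AWS::IAM::Role whose AssumeRolePolicyDocument has no usable statement, and, going one step beyond the question, also flags a wildcard principal with no Condition. The names `check_role_trust_policies` and `SAMPLE_TEMPLATE` are hypothetical, the sample template is constructed, and the check assumes plain JSON without intrinsic functions inside the trust policy.

```python
import json

# Constructed sample: the question's empty trust policy and the answer's fixed one.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "SomeRole": {"Type": "AWS::IAM::Role",
               "Properties": {"AssumeRolePolicyDocument": {}, "RoleName": "SomeRole"}},
  "NewRole": {"Type": "AWS::IAM::Role",
              "Properties": {"AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow",
                               "Principal": {"Service": ["ec2.amazonaws.com"]},
                               "Action": ["sts:AssumeRole"]}]}}}
}}
""")

def _as_list(value):
    """IAM policy fields accept either a single value or a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def check_role_trust_policies(template):
    """Map each IAM role's logical ID to the problems found in its trust policy."""
    findings = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        doc = res.get("Properties", {}).get("AssumeRolePolicyDocument")
        stmts = _as_list(doc.get("Statement")) if isinstance(doc, dict) else []
        stmts = [s for s in stmts if isinstance(s, dict)]
        problems, usable = [], False
        if not stmts:
            problems.append("AssumeRolePolicyDocument has no Statement")
        for stmt in stmts:
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal")
            actions = [str(a).lower() for a in _as_list(stmt.get("Action"))]
            # Covers sts:AssumeRole and its WithSAML / WithWebIdentity variants.
            assumes = any(a.startswith("sts:assumerole") or a in ("sts:*", "*") for a in actions)
            usable = usable or bool(principal and assumes)
            wildcard = principal == "*" or (
                isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))
            if wildcard and assumes and "Condition" not in stmt:
                problems.append("wildcard Principal without a Condition")
        if stmts and not usable:
            problems.append("no Allow statement pairs a Principal with sts:AssumeRole")
        if problems:
            findings[name] = problems
    return findings

print(check_role_trust_policies(SAMPLE_TEMPLATE))
```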
