Create IAM role only with managed cloudformation policy
Looks like you have to have some value in the AssumeRolePolicyDocument. Try with this one.
    {
      "Resources": {
        "NewRole": {
          "Type": "AWS::IAM::Role",
          "Properties": {
            "AssumeRolePolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Principal": {
                    "Service": [
                      "ec2.amazonaws.com"
                    ]
                  },
                  "Action": [
                    "sts:AssumeRole"
                  ]
                }
              ]
            },
            "ManagedPolicyArns": [
              "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess",
              "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
              "arn:aws:iam::aws:policy/CloudWatchFullAccess"
            ]
          }
        }
      }
    }
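A pre-deploy check for the failure discussed on this page, added here as an example (it is not code from the answer or from AWS): it scans a template for `AWS::IAM::Role` resources whose `AssumeRolePolicyDocument` has no usable trust statement. The function names and the sample template are constructed for illustration.

```python
import json

# Constructed sample: the role from the question (empty trust policy)
# next to the role from the answer (EC2 service principal).
TEMPLATE = json.loads("""{
  "Resources": {
    "SomeRole": {"Type": "AWS::IAM::Role",
                 "Properties": {"AssumeRolePolicyDocument": {}}},
    "NewRole": {"Type": "AWS::IAM::Role", "Properties": {
      "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Service": ["ec2.amazonaws.com"]},
                       "Action": ["sts:AssumeRole"]}]}}}
  }
}""")


def as_list(value):
    """Policy fields such as Statement and Action may be one value or a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def trust_policy_problems(template):
    """Return {logical_id: problem} for roles with no usable trust statement."""
    problems = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        doc = res.get("Properties", {}).get("AssumeRolePolicyDocument")
        if not isinstance(doc, dict) or not as_list(doc.get("Statement")):
            problems[name] = "AssumeRolePolicyDocument has no Statement"
            continue
        # A usable trust statement names who may assume the role and allows
        # an sts:AssumeRole* action (IAM action names are case-insensitive).
        usable = [s for s in as_list(doc["Statement"])
                  if isinstance(s, dict)
                  and s.get("Effect") == "Allow" and s.get("Principal")
                  and any(str(a).lower().startswith("sts:assumerole")
                          for a in as_list(s.get("Action")))]
        if not usable:
            problems[name] = "no Allow statement with a Principal and sts:AssumeRole"
    return problems


if __name__ == "__main__":
    print(trust_policy_problems(TEMPLATE))
```

Run it against the parsed template before calling CloudFormation; an empty result means every role names a principal that may assume it.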
Author by
Vivek Goel
Updated on July 09, 2022
Comments
-
Vivek Goel almost 2 years
I am trying to create an IAM role with existing managed policies:
    "SomeRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {},
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess",
          "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
          "arn:aws:iam::aws:policy/CloudWatchFullAccess"
        ],
        "RoleName": "SomeRole"
      }
    },
But it is failing with error: Syntax error at position (1,3)
-
David J Eddy over 5 years
Did the trick, TY. CloudFormation is really a pain sometimes.