Question:
I am trying to create an IAM role using the below template. I am able to create the role with managed policies. When I try to add an inline policy in my template I get the error
"Property PolicyDocument cannot be empty."
{
  "Resources": {
    "test": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": [ "ec2.amazonaws.com" ] },
              "Action": [ "sts:AssumeRole" ]
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
          "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
        ],
        "Policies": [
          "PolicyName" : "create_snapshot",
          "PolicyDocument" : {
            "Version" : "2012-10-17",
            "Statement": [
              {
                "Effect" : "Allow",
                "Action": [ "ec2:DeleteSnapshot", "ec2:CreateTags", "ec2:CreateSnapshot" ],
                "Resource" : "*"
              }
            ]
          }
        ],
        "RoleName": "test"
      }
    }
  }
}
Answer:
Policies is a list of policy objects, written as follows, with each individual policy object embedded in curly braces inside the [] list:
"Policies": [
  {
    "PolicyName" : "policy01",
    "PolicyDocument" : { ... }
  },
  {
    "PolicyName" : "policy02",
    "PolicyDocument" : { ... }
  }
]
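As an added example (not part of the question or the answer above), here is the question's template with the Policies list corrected as the answer describes, plus a small lint that catches this exact mistake before the template is submitted. The template is built as a Python dict so it can be dumped to JSON; check_role_policies is this example's own helper, not an AWS or CloudFormation API.

```python
import json

# Corrected version of the question's template: each inline policy is its own object.
ROLE_TEMPLATE = {
    "Resources": {
        "test": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com"]},
                                   "Action": ["sts:AssumeRole"]}],
                },
                "ManagedPolicyArns": [
                    "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
                    "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
                ],
                "Policies": [{  # one {PolicyName, PolicyDocument} object per inline policy
                    "PolicyName": "create_snapshot",
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [{"Effect": "Allow", "Resource": "*",
                                       "Action": ["ec2:DeleteSnapshot", "ec2:CreateTags", "ec2:CreateSnapshot"]}],
                    },
                }],
                "RoleName": "test",
            },
        }
    }
}


def check_role_policies(template):
    """Return problems with the inline Policies of every AWS::IAM::Role (empty list = well-formed)."""
    problems = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        for i, pol in enumerate(res.get("Properties", {}).get("Policies", [])):
            where = f"{name}.Policies[{i}]"
            if not isinstance(pol, dict):  # e.g. bare "PolicyName" strings dropped straight into the list
                problems.append(f"{where}: must be an object with PolicyName and PolicyDocument")
                continue
            if not pol.get("PolicyName"):
                problems.append(f"{where}: PolicyName missing or empty")
            doc = pol.get("PolicyDocument")
            if not isinstance(doc, dict) or not doc.get("Statement"):
                problems.append(f"{where}: PolicyDocument missing or has no Statement")
    return problems


if __name__ == "__main__":
    print(json.dumps(ROLE_TEMPLATE, indent=2))
    print(check_role_policies(ROLE_TEMPLATE) or "Policies list is well-formed")
```

The flat form from the question is not even parseable JSON, so the lint runs on the parsed template; it reports any list entry that is not a complete policy object.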