Does not work with latest AWS provider (2.69)
Closed this issue · 2 comments
azilber commented
Gives these errors:
Error: Error creating IAM policy assume_cp_prod_env_developer_role: MalformedPolicyDocument: The policy failed legacy parsing
status code: 400, request id: 0638940c-cbb1-4070-bfcc-ea6ec5f18bfd
on iam_policy_assume_developer_role.tf line 1, in resource "aws_iam_policy" "assume_env_developer_role":
1: resource "aws_iam_policy" "assume_env_developer_role" {
Error: Error creating IAM policy assume_cp_legacy_env_developer_role: MalformedPolicyDocument: The policy failed legacy parsing
status code: 400, request id: d4bbf7e2-b161-4f2e-a3d9-1308fff1deb2
on iam_policy_assume_developer_role.tf line 1, in resource "aws_iam_policy" "assume_env_developer_role":
1: resource "aws_iam_policy" "assume_env_developer_role" {
Error: Error creating IAM policy assume_cp_staging_env_developer_role: MalformedPolicyDocument: The policy failed legacy parsing
status code: 400, request id: 2f83ce76-8221-46e1-ad5e-3a3cd56bca29
on iam_policy_assume_developer_role.tf line 1, in resource "aws_iam_policy" "assume_env_developer_role":
1: resource "aws_iam_policy" "assume_env_developer_role" {
Makefile:45: recipe for target 'apply' failed
make: *** [apply] Error 1
skoblenick commented
It looks more like you have a typo in the policy based on the MalformedPolicyDocument. I would recommend using the iam_policy_document data source rather than using a here document/JSON blob as they can be error prone.
See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document
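A sketch of the data-source approach recommended above, added here as an example; it is not part of skoblenick's comment or the repository's code. The issue does not show the real policy, so the variables, the role ARN and the policy name pattern are assumptions, and only the resource name `assume_env_developer_role` comes from the error output.

```hcl
# Assumed inputs (hypothetical; the issue does not show the real configuration).
variable "environment" {
  type    = string
  default = "staging"
}

variable "developer_role_arn" {
  type        = string
  description = "ARN of the role developers are allowed to assume"
  # Constructed sample value, not taken from the issue.
  default     = "arn:aws:iam::123456789012:role/example-developer"
}

# The provider renders this block to JSON itself, so the quoting, comma and
# whitespace mistakes that a hand-written heredoc can carry never reach the
# IAM API.
data "aws_iam_policy_document" "assume_env_developer_role" {
  statement {
    sid     = "AssumeDeveloperRole"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    # Scope the grant to one role ARN rather than "*".
    resources = [var.developer_role_arn]
  }
}

resource "aws_iam_policy" "assume_env_developer_role" {
  # Name pattern is an assumption made for this example.
  name        = "assume_${var.environment}_env_developer_role"
  description = "Allow assuming the developer role in ${var.environment}"
  policy      = data.aws_iam_policy_document.assume_env_developer_role.json
}
```

Running `terraform plan` prints the rendered JSON in the `policy` attribute, so the document can be reviewed before anything is sent to IAM.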
cobusbernard commented
Thanks @skoblenick, I have created updated versions split across 2 new tutorials that are up to date, please see the updated readme with the links.