I am trying to create an IAM role using the template below. I am able to create the role with managed policies. When I try to add an inline policy to my template, I get the error
"Property PolicyDocument cannot be empty."
{
  "Resources": {
    "test": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "ec2.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
          "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
        ],
        "Policies": [
          "PolicyName" : "create_snapshot",
          "PolicyDocument" : {
            "Version" : "2012-10-17",
            "Statement": [ {
              "Effect" : "Allow",
              "Action": [
                "ec2:DeleteSnapshot",
                "ec2:CreateTags",
                "ec2:CreateSnapshot"
              ],
              "Resource" : "*"
            } ]
          }
        ],
        "RoleName": "test"
      }
    }
  }
}
Any series of permissions can be attached to an IAM entity when using an Inline Policy. Like all other policy types, Inline policies can be created using a policy editor or by writing the policy with JSON.
Policies is a list of policy objects which is written as follows, with each individual policy object embedded in curly braces inside the [] list:
"Policies": [ {
    "PolicyName" : "policy01",
    "PolicyDocument" : { ... }
}, {
    "PolicyName" : "policy02",
    "PolicyDocument" : { ... }
} ]
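A pre-deployment check for the list-of-objects shape described above, as an added example (not part of the original answer and not AWS tooling). The function name check_inline_policies and the sample template are constructed for illustration; it assumes the template already parses as JSON and flags IAM roles whose Policies is not a list of objects that each carry a PolicyName and a non-empty PolicyDocument.

```python
import json

# Constructed sample template (not from the page): one well-formed role, one with
# an empty PolicyDocument, one whose Policies is a bare object instead of a list.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "GoodRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "create_snapshot",
     "PolicyDocument": {"Version": "2012-10-17", "Statement": [
       {"Effect": "Allow", "Action": ["ec2:CreateSnapshot"], "Resource": "*"}]}}]}},
  "EmptyDocRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
    {"PolicyName": "policy01", "PolicyDocument": {}}]}},
  "BareObjectRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies":
    {"PolicyName": "policy02", "PolicyDocument": {"Statement": []}}}}
}}
""")


def check_inline_policies(template):
    """Return (logical_id, problem) pairs for malformed Policies on IAM roles."""
    problems = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::IAM::Role":
            continue
        policies = resource.get("Properties", {}).get("Policies")
        if policies is None:
            continue  # inline policies are optional on a role
        if not isinstance(policies, list):
            problems.append((logical_id, "Policies must be a list of policy objects"))
            continue
        for i, policy in enumerate(policies):
            if not isinstance(policy, dict):
                problems.append((logical_id, f"Policies[{i}] is not an object"))
            elif not policy.get("PolicyName"):
                problems.append((logical_id, f"Policies[{i}] has no PolicyName"))
            elif not policy.get("PolicyDocument"):
                problems.append((logical_id, f"Policies[{i}] has an empty PolicyDocument"))
    return problems


if __name__ == "__main__":
    for logical_id, problem in check_inline_policies(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {problem}")
```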