I am working on an AWS organization: currently creating SCP policies under the AWS organization as below:
Python file:

    policies = config['policies']
    for policy in policies:
        try:
            OUPolicy = client.create_policy(
                Description=policy['description'],
                Name=policy['Name'],
                Content=policy['content'],
                Type='SERVICE_CONTROL_POLICY'
            )

YAML file:

    policies:
      - Name: xyz
        description: Service Control Policies for xyz
        content:
          Version: 2012-10-17
          Statement:
            - Effect: Allow
              Resource: "*"
              Action: "*"
            - Effect: Deny
              Resource: "*"
              Action: "*"

I verified the YAML template and it is in the proper format, but I am still getting the error below:

    Parameter validation failed:
    Invalid type for parameter Content, value: {'Version': datetime.date(2012, 10, 17), 'Statement': [{'Effect': 'Allow', 'Resource': '*', 'Action': '*'}, {'Effect': 'Deny', 'Resource': '*', 'Action': '*'}]}, type: <class 'dict'>, valid types: <class 'str'>

According to the documentation of create_policy that you've shown,

Content (string) -- [REQUIRED] The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles.

you need to encode the dictionary policy['content'] (which you've decoded from the YAML document) back to a JSON string.

You can do that using json.dumps:

    import json
    ...
    client.create_policy(
        ...
        Content=json.dumps(policy['content']),
        ...
    )
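
Added example, not part of the original answer: the error message above shows that the YAML loader turned the unquoted `Version` into `datetime.date(2012, 10, 17)`, and plain `json.dumps` refuses to serialize a date. The sketch below builds the `create_policy` arguments from that same parsed dict and writes the date back as ISO text; `PARSED_POLICY`, `_json_default`, `build_create_policy_kwargs` and `plain_dumps_fails` are hypothetical names, and no AWS call is made.

```python
import datetime
import json

# Constructed sample: the policy entry as the error message on this page
# shows it after YAML loading (unquoted Version became a datetime.date).
PARSED_POLICY = {
    "Name": "xyz",
    "description": "Service Control Policies for xyz",
    "content": {
        "Version": datetime.date(2012, 10, 17),
        "Statement": [
            {"Effect": "Allow", "Resource": "*", "Action": "*"},
            {"Effect": "Deny", "Resource": "*", "Action": "*"},
        ],
    },
}


def _json_default(value):
    """Turn a YAML-parsed date back into ISO text; reject anything else."""
    if type(value) is datetime.date:
        return value.isoformat()
    raise TypeError(f"Unsupported type in policy content: {type(value).__name__}")


def build_create_policy_kwargs(policy):
    """Return keyword arguments for create_policy with Content as a JSON string."""
    return {
        "Name": policy["Name"],
        "Description": policy["description"],
        "Content": json.dumps(policy["content"], default=_json_default),
        "Type": "SERVICE_CONTROL_POLICY",
    }


def plain_dumps_fails(policy):
    """Report whether json.dumps without a default handler rejects the content."""
    try:
        json.dumps(policy["content"])
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    kwargs = build_create_policy_kwargs(PARSED_POLICY)
    print(kwargs["Content"])
```

Quoting the value in the YAML file (`Version: "2012-10-17"`) keeps it a string at load time, so the default handler then acts only as a safety net.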