I am following this tutorial:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-cli-tutorial-fargate.html
the json for a policy is as shown:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
but when I run:
aws iam --region us-west-2 create-role --role-name ecsTaskExecutionRole --assume-role-policy-document task-execution-assume-role.json
I get:
An error occurred (MalformedPolicyDocument) when calling the CreateRole operation: This policy contains invalid Json
I know the filepath is right, because if it's wrong I get a different error. At first I thought it was "invalid json" because "sid" is an empty string, I removed that property and got the same error.
anyone know what's wrong here?
You need to specify the assume-role-policy-document as file://task-execution-assume-role.json.
From the documentation you linked
aws iam --region us-west-2 create-role --role-name ecsTaskExecutionRole --assume-role-policy-document file://task-execution-assume-role.json
it's not a very intuitive error that the cli throws because of the missing file://...
aws iam --region us-west-2 create-role \
--role-name ecsTaskExecutionRole \
--assume-role-policy-document task-execution-assume-role.json
An error occurred (MalformedPolicyDocument) when calling the CreateRole operation: This policy contains invalid Json
With the added file:// the create goes through
aws iam --region us-west-2 create-role \
--role-name ecsTaskExecutionRole \
--assume-role-policy-document file://task-execution-assume-role.json
{
"Role": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
}
}
]
},
"RoleId": "AROA2ZHAP3GUV5UTOV5ZF",
"CreateDate": "2019-07-31T23:15:04Z",
"RoleName": "ecsTaskExecutionRole",
"Path": "/",
"Arn": "arn:aws:iam::*******:role/ecsTaskExecutionRole"
}
}