I am working on AWS Organizations: currently creating SCP policies under the AWS organization as below:

Python file:

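```python
# client is a boto3 Organizations client; config is the parsed YAML file shown below.
policies = config['policies']

for policy in policies:
    try:
        OUPolicy = client.create_policy(
            Description=policy['description'],
            Name=policy['Name'],
            Content=policy['content'],  # dict parsed from YAML; triggers the error below
            Type='SERVICE_CONTROL_POLICY'
        )
    except Exception as exc:  # handler was cut off in the post; minimal one added
        print(exc)
```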

YAML file:

```yaml
policies:
- Name: xyz
  description: Service Control Policies for xyz
  content:
    Version: 2012-10-17
    Statement:
    - Effect: Allow
      Resource: "*"
      Action: "*"
    - Effect: Deny
      Resource: "*"
      Action: "*"
```

I verified the YAML template and it is in the proper format, but I am still getting the error below:

```
Parameter validation failed:
Invalid type for parameter Content, value: {'Version': datetime.date(2012, 10, 17), 'Statement': [{'Effect': 'Allow', 'Resource': '*', 'Action': '*'}, {'Effect': 'Deny', 'Resource': '*', 'Action': '*'}]}, type: <class 'dict'>, valid types: <class 'str'>
```
Anthon
Jiya
  • It appears as if you aren't passing the content of the YAML file to `client.create_policy` according to its requirements. Guessing from the last part of the error message, it wants a string instead of a dictionary. I suggest you look up the documentation for that function. – mkrieger1 Oct 25 '18 at 19:33
  • I checked a number of times but am not able to identify the error. Could you please help? I would really appreciate it. – Jiya Oct 25 '18 at 20:39
  • What does the documentation of `client.create_policy` say about the `Content` parameter? We cannot know what the problem is unless you tell us exactly where this function comes from. – mkrieger1 Oct 25 '18 at 20:44
  • According to the AWS boto3 doc: `response = client.create_policy(Content='string', Description='string', Name='string', Type='SERVICE_CONTROL_POLICY')` – Jiya Oct 25 '18 at 20:57
  • Content (string) -- [REQUIRED] The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. – Jiya Oct 25 '18 at 20:58

2 Answers

According to the documentation of `create_policy` that you've shown,

> Content (string) -- [REQUIRED] The policy content to add to the new policy. For example, if you create a service control policy (SCP), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles.

you need to encode the dictionary `policy['content']` (which you've decoded from the YAML document) back to a JSON string.

You can do that using `json.dumps`:

```python
import json

...

client.create_policy(
  ...
  Content=json.dumps(policy['content']),
  ...
)
```
mkrieger1

Answer:

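```python
import json

policies = config['policies']

for policy in policies:
    try:
        OUPolicy = client.create_policy(
            Description=policy['description'],
            Name=policy['Name'],
            Content=json.dumps(policy['content']),  # serialize the dict to a JSON string
            Type='SERVICE_CONTROL_POLICY'
        )
    except Exception as exc:  # handler was cut off in the post; minimal one added
        print(exc)
```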
Jiya
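
The error message in the question shows that the YAML loader parsed the unquoted `Version: 2012-10-17` as a `datetime.date`, which `json.dumps` rejects by default, so the conversion to a JSON string has to handle that value as well. The following is an added example, not code from either poster: `PARSED_POLICY` is constructed from that error message, and the helper names `scp_content` and `create_policy_kwargs` are hypothetical.

```python
import datetime
import json

# Constructed sample: the parsed config entry, with the content dict exactly as
# it appears in the question's error message (Version is a date, not a str).
PARSED_POLICY = {
    "Name": "xyz",
    "description": "Service Control Policies for xyz",
    "content": {
        "Version": datetime.date(2012, 10, 17),
        "Statement": [
            {"Effect": "Allow", "Resource": "*", "Action": "*"},
            {"Effect": "Deny", "Resource": "*", "Action": "*"},
        ],
    },
}


def _json_default(value):
    """Turn a YAML-parsed date back into the ISO string the policy expects."""
    if isinstance(value, datetime.date):
        return value.isoformat()
    raise TypeError(f"unsupported type in policy: {type(value).__name__}")


def scp_content(content):
    """Serialize a parsed policy document to the JSON text create_policy wants."""
    if not isinstance(content, dict):
        raise TypeError("policy content must be a mapping")
    for key in ("Version", "Statement"):
        if key not in content:
            raise ValueError(f"policy content is missing {key!r}")
    return json.dumps(content, default=_json_default)


def create_policy_kwargs(policy):
    """Build the keyword arguments for the Organizations create_policy call."""
    return {
        "Name": policy["Name"],
        "Description": policy["description"],
        "Content": scp_content(policy["content"]),
        "Type": "SERVICE_CONTROL_POLICY",
    }


if __name__ == "__main__":
    print(create_policy_kwargs(PARSED_POLICY)["Content"])
```

Quoting the value in the YAML file (`Version: "2012-10-17"`) keeps it a string from the start. The result is passed as `client.create_policy(**create_policy_kwargs(policy))`.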