{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SrcBucket",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::<s3-bucketname>"]
        }
    ]
}
I am using a script in Ansible to create an IAM user with the above policy permissions.
I can use the same policy document in the AWS console and create the policy without any issue. But when I try doing the same with the Ansible script, I get the following error.
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.errorfactory.MalformedPolicyDocumentException: An error occurred (MalformedPolicyDocument) when calling the PutUserPolicy operation: Syntax errors in policy.
[DEPRECATION WARNING]: The skip_duplicates behaviour has caused confusion and will be disabled by default in Ansible 2.14. This feature will be removed from community.aws in a release after 2022-06-01. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
fatal: [localhost]: FAILED! => changed=false
  boto3_version: 1.18.18
  botocore_version: 1.21.18
  error:
    code: MalformedPolicyDocument
    message: Syntax errors in policy.
    type: Sender
  msg: 'An error occurred (MalformedPolicyDocument) when calling the PutUserPolicy operation: Syntax errors in policy.'
  response_metadata:
    http_headers:
      connection: close
      content-length: '279'
      content-type: text/xml
      date: Tue, 15 Feb 2022 16:38:04 GMT
      x-amzn-requestid: 1261725a-253d-4ddb-9452-66978bd88092
    http_status_code: 400
    request_id: 1261725a-253d-4ddb-9452-66978bd88092
    retry_attempts: 0
In fact, I copied back the policy created in the AWS console to make sure this was not an issue with whitespace. I also validated the doc against a JSON validator. I have confirmed that the ARN for the S3 bucket is the one I have listed in Resource. That didn't seem to help. Any suggestions would be greatly appreciated. Thanks.