If I add this policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::xxxxxxxxxxxx:user/stikbook-dev"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

I'm facing this error

[Ln 4, Col 8 Missing Resource: Add a Resource or NotResource element to the policy statement.
Ln 6, Col 21 Unsupported Principal: The policy type IDENTITY_POLICY does not support the Principal element. Remove the Principal element.]

What resource do I want to add? And "unsupported policy"?

luk2302
Cyril I
  • Where do you want to add that policy? Having no resource and specifying a principal only makes sense when this is the assume role policy / trust relationship of a role. – luk2302 Apr 12 '22 at 10:07
  • I want to add it in a custom policy which I generate, because I am not able to access the AWS CLI on my local machine @luk2302. I think this is an assume role policy – Cyril I Apr 12 '22 at 10:14

1 Answer

You are generating a trust policy. But it seems that what you want is to create a user managed or inline policy. They have a different purpose than a trust policy. I guess your policy should look like the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "*"
        }
    ]
}

where * can be replaced by the specific ARN of the IAM role to be assumed.

luk2302
Marcin
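The distinction drawn in the answer, as an added example that is not part of the original posts or of any AWS tooling: a small Python check that reports which elements fit an identity policy and which fit a role trust policy, and flags `sts:AssumeRole` allowed on `*`. The `lint` function, the finding names, and the sample account ID and user name are constructed for illustration.

```python
# Constructed samples mirroring the two policies on this page
# (account ID and user name are placeholders).
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/example-user"},
    "Action": "sts:AssumeRole"}]}
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"}]}


def lint(policy, policy_type):
    """Findings for `policy` attached as an 'identity' or a 'trust' policy."""
    if policy_type not in ("identity", "trust"):
        raise ValueError(f"unknown policy type: {policy_type}")
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be a bare object
        stmts = [stmts]
    findings = []
    for i, s in enumerate(stmts):
        has_principal = "Principal" in s or "NotPrincipal" in s
        has_resource = "Resource" in s or "NotResource" in s
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        assume = any(a.lower() in ("sts:assumerole", "sts:*", "*") for a in actions)
        if policy_type == "identity":
            if has_principal:  # console: "Unsupported Principal"
                findings.append((i, "unsupported-principal"))
            if not has_resource:  # console: "Missing Resource"
                findings.append((i, "missing-resource"))
            elif s.get("Effect") == "Allow" and assume and s.get("Resource") in ("*", ["*"]):
                # Valid, but each role's trust policy is then the only remaining check.
                findings.append((i, "assume-role-on-any-role"))
        else:  # trust policy of a role
            if not has_principal:
                findings.append((i, "missing-principal"))
            if has_resource:
                findings.append((i, "resource-not-allowed"))
    return findings


if __name__ == "__main__":
    for name, doc in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        for kind in ("identity", "trust"):
            print(name, "as", kind, "->", lint(doc, kind))
```

Replacing `*` with one role ARN in the answer's policy clears the last identity-policy finding.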