
While inserting a new AWS IAM policy rule in Terraform, `terraform plan` passes but `terraform apply` fails on the statement ID.

```hcl
data "aws_iam_policy_document" "db_iam_policy_document" {
  version = "2012-10-17"
  statement {
    actions   = ["rds:DeleteDBInstance"]
    effect    = "Deny"
    resources = [
      "arn:aws:rds:us-west-2:123456789:db:*"
    ]
    condition {
      test     = "StringEquals"
      variable = "rds:db-tag/environment"
      values = [
        "production"
      ]
    }
    sid       = "don't_delete_production_dbs !"
  }
}
```

The error presented on my CI/CD pipeline is the following:

```
Error: error updating IAM policy arn:aws:iam::123456789:policy/my_policy_name:
MalformedPolicyDocument: Statement IDs (SID) must be alpha-numeric.
Check that your input satisfies the regular expression [0-9A-Za-z]*
```
avivamg
  • Does this answer your question? [Terraform encountered: unmarshaling policy 1: value of type awspolicy.intermediatePolicyDocument](https://stackoverflow.com/questions/73547207/terraform-encountered-unmarshaling-policy-1-value-of-type-awspolicy-intermedia) – Marko E Sep 19 '22 at 19:43

1 Answer

According to the AWS IAM documentation, the Sid element on an AWS policy (statement ID, which helps us improve and convey better documentation and readability of our IAM rules) supports ASCII uppercase letters (A-Z), lowercase letters (a-z), and numbers (0-9). We need to change the sid attribute following the right rules and get rid of the incorrect chars (in this example space, underscore, comma and exclamation mark).

```hcl
sid = "productionDBDeletionIsProhibited"
```
avivamg