How can I use the AWS CLI to add a trust policy to a role?
I am attempting to update the trust policy for a role to include a user. I have successfully achieved this using the AWS Management Console.
However, when attempting to do the same using the AWS CLI, I encountered the following error messages: (I tried by copying the same JSON used in AWS console in command line and in JSON file.)
aws iam update-assume-role-policy --role-name my_role_name --policy-document '{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::xxxxxxxxxxxx:user/my_user_name"]},"Sid":""}'
An error occurred (MalformedPolicyDocument) when calling the UpdateAssumeRolePolicy operation: This policy contains invalid Json
aws iam update-assume-role-policy --role-name my_role_name --policy-document file://path/to/policy.json
An error occurred (MalformedPolicyDocument) when calling the UpdateAssumeRolePolicy operation: Syntax error at position (1,12)
Is this the right way to add it using AWS CLI ?
Solution
My testing shows that it wants the FULL policy, including the Version.
This works:
aws iam update-assume-role-policy --role-name my_role_name --policy-document '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:user/foo"
},
"Action": "sts:AssumeRole"
}
]
}'
It would therefore be replacing the existing policy rather than appending to it.
- Get last modified object from S3 using AWS CLI
- "host not allowed" error when deploying a play framework application to Amazon AWS with Boxfuse
- Is there a way to use PyGithub on AWS Lambda
- Neptune throws Bad handshake error while connecting to a IAM Enabled Neptune Instance
- How to extract files from a zip archive in S3
- How do I use the aws cli to set permissions on files in an S3 bucket?
- Nextflow process running in AWS with docker container can't find program in $PATH, although program is there
- How do I setup and use Laravel Scheduling on AWS Elastic Beanstalk?
- Where does docker store it's temp files during extraction?
- Which is the best way on AWS to set up a CI/CD of a Django app from GitHub?
- Make VPC creation optional
- How to point ApiGateway to a specific Lambda alias
- AWS s3 V3 Javascript SDK stream file from bucket (GetObjectCommand)
- Can we setup third Party SSL certificate AWS lightsail loadbalancer
- A proper way to use AWS Redis Cluster with Celery
- How to rollback to previous version in Amazon S3 bucket?
- Why does S3.deleteObject not fail when the specified key doesn't exist?
- I can't delete AWS appconfig configuration and environment
- How to run Anaconda Python on sudo
- `aws ecs execute-command` results in `TargetNotConnectedException` `The execute command failed due to an internal error`
- AWS authorizer returns 500, message: null, with AuthorizerConfigurationException error in response
- Call S3 pre-signed URL with postman
- Terraform error when module has a count on the input that is not yet created
- Is there a way to point my machine's kubectl to a K8s cluster hosted on EC2 Instances?
- MWAA CLI - Stop Dags Execution
- Lambda@Edge not logging on cloudfront request
- User-data scripts is not running on my custom AMI, but working in standard Amazon linux
- Run docker commands in AWS Lambda Function
- Django ALLOWED_HOSTS for Amazon ELB
- CodeDeploy blue/green ECS fargate error: Invalid arn syntax