0
votes

I am using the following CLI command to create a role and attach a policy:

aws iam create-role --role-name SMS-Role --assume-role-policy-document file://D:\AWS\Cognito\SMSRolePolicy.txt

SMSRolePolicy.txt contains the following policy:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Resource": "*",
    "Action": "sns:publish"
  }
}

On executing the CLI script I get the following error:

An error occurred (MalformedPolicyDocument) when calling the CreateRole operation: Has prohibited field Resource

1
In the policy document I changed Resource to Principal: { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Principal": "arn:aws:sns:*", "Action": "sns:publish" } } Now I am getting a syntax error on line (5,33) - Aman Khanna

1 Answer

0
votes

What? Where is your trust relationship policy document? Your code works for adding policies to an existing attached role. To attach the role, you need to have AssumeRole permission for the resource. It should be something like:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}

Follow the Amazon link to set it up correctly.
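An added example, not code from either poster: a small pre-flight check that reports why a document cannot serve as the `--assume-role-policy-document` for `create-role`, run over the three documents quoted on this page. The function name `check_trust_policy` is hypothetical, and accepting only `sts:` actions is a simplification.

```python
import json

def check_trust_policy(text):
    """Return the reasons `text` is unusable as a role trust policy ([] if none)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    statements = doc.get("Statement") if isinstance(doc, dict) else None
    if isinstance(statements, dict):   # a single statement may appear without a list
        statements = [statements]
    if not statements:
        return ["no Statement element"]
    problems = []
    for i, st in enumerate(statements):
        if "Resource" in st:
            # The role itself is the resource, so CreateRole rejects this field.
            problems.append(f"statement {i}: prohibited field Resource")
        principal = st.get("Principal")
        if principal is None:
            problems.append(f"statement {i}: missing Principal")
        elif principal != "*" and not isinstance(principal, dict):
            problems.append(f"statement {i}: Principal must be a mapping "
                            'such as {"Service": "..."}')
        actions = st.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            # Simplification: only sts: actions are accepted here.
            if not action.lower().startswith("sts:"):
                problems.append(f"statement {i}: {action} belongs in a "
                                "permissions policy, not the trust policy")
    return problems

# The three documents from this page.
QUESTION_DOC = '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Resource": "*", "Action": "sns:publish"}}'
COMMENT_DOC = '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Principal": "arn:aws:sns:*", "Action": "sns:publish"}}'
ANSWER_DOC = '{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}}'

if __name__ == "__main__":
    for name, text in [("question", QUESTION_DOC), ("comment", COMMENT_DOC),
                       ("answer", ANSWER_DOC)]:
        print(name, check_trust_policy(text) or "usable as a trust policy")
```

The `sns:publish` statement from the question is a permissions policy; once the role exists it can be attached separately, for example with `aws iam put-role-policy`.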