#aws

hundreds-camera-94703

04/03/2024, 3:45 AM
Hello, an error occurs when creating an IAM role with Pulumi. No matter how much I search, I can't solve the problem, and since I'm a root account, it's not a permission issue. I would appreciate your help.
• error message
```
* creating IAM Role (aws_marketplace_lambda): MalformedPolicyDocument: Has prohibited field Resource status code: 400
```
• code
```python
policy_document = aws.iam.get_policy_document(
    version='2012-10-17',
    statements=[
        aws.iam.GetPolicyDocumentStatementArgs(
            sid='',
            actions=['sts:AssumeRole'],
            resources=['arn:aws:s3:::*'],
            principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
                type="Service",
                identifiers=["lambda.amazonaws.com"],
            )],
            effect='Allow'
        )
    ]
)

lambda_role = aws.iam.Role(
    role_name,
    assume_role_policy=policy_document.json
)
```
Could Sid be the problem?
Just remove the resource. It is said that resource and sid are not needed in sts:AssumeRole.
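The following is an added example, not code from the thread or from Pulumi: a small offline check that catches the error above before deployment by linting the rendered trust policy JSON. The helper names (`lint_trust_policy`, `trust_policy`) and both sample documents are constructed for illustration, and the wildcard-principal check goes beyond the case in the thread.

```python
import json


def as_list(value):
    """IAM accepts either a single item or a list in most positions."""
    return value if isinstance(value, list) else [value]


def lint_trust_policy(policy_json):
    """Return a list of problems found in a role trust (assume-role) policy."""
    problems = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        # A trust policy is attached to the role, so the role is the implied
        # resource; IAM answers these keys with MalformedPolicyDocument.
        for key in ("Resource", "NotResource"):
            if key in stmt:
                problems.append(f"statement {i}: prohibited field {key}")
        # The statement must name who may assume the role.
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            problems.append(f"statement {i}: missing Principal")
        # Defensive check: an unconditioned wildcard lets any principal try.
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            values = [v for vals in principal.values() for v in as_list(vals)]
        else:
            values = as_list(principal)
        if stmt.get("Effect") == "Allow" and "*" in values and "Condition" not in stmt:
            problems.append(f"statement {i}: wildcard principal without Condition")
    return problems


def trust_policy(service, resources=None):
    """Build a constructed trust policy for one AWS service principal."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"Service": service}}
    if resources:
        stmt["Resource"] = resources
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})


# Constructed samples: the statement as posted, and the same without Resource.
AS_POSTED = trust_policy("lambda.amazonaws.com", ["arn:aws:s3:::*"])
CORRECTED = trust_policy("lambda.amazonaws.com")

if __name__ == "__main__":
    print(lint_trust_policy(AS_POSTED))
    print(lint_trust_policy(CORRECTED))
```

In the Pulumi program the equivalent change is dropping `resources=[...]` from the statement passed to `assume_role_policy`; any S3 access the function needs belongs in a separate permissions policy attached to the role (for example `aws.iam.RolePolicy`).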