Hi folks, I met an issue on creating aws serviceRole with pulumi, some code example needs to be updated. In pulumi's doc, rolePolicy string is

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAssumeRole",
      "Effect": "Allow",
      "Principal": "<http://ec2.amazonaws.com|ec2.amazonaws.com>",
      "Action": "sts:AssumeRole"
    }
  ]
}

Which is different from AWS' doc

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Different schema on

Principal

field. And that will cause error like:

Error creating IAM Role xxx-role-53da5df: MalformedPolicyDocument: Syntax error at position (6,41)

.