# aws
a
Hello all! I am having an issue with this simple example from the site:
```python
import pulumi
import json
import pulumi_aws as aws

managed_policy_arns = [
    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
]


assume_role_policy = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Sid": None,
        "Principal": {
            "Service": "ec2.amazonaws.com",
        },
    }],
})

role1 = aws.iam.Role("jarvis",
    assume_role_policy=assume_role_policy,
    managed_policy_arns=managed_policy_arns)
```
When I try to run it, I get a MalformedPolicyDocument error. I debugged following this https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-malformed-policy-errors/ and I saw that the assumeRolePolicyDocument seemed badly formatted; it was like this:
```
{
    "path": "/",
    "roleName": "jarvis-1be401b",
    "assumeRolePolicyDocument": "{"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Sid": null, "Principal": {"Service": "ec2.amazonaws.com"}}]}",
    "maxSessionDuration": 3600
}
```
But it seems it should not have the double quotes at the beginning... Anyone else with this problem? Any workaround for it? I appreciate your attention.
g
I highly suggest getting the policy document with the GetPolicyDocument function instead of trying to format the JSON yourself. This way you will ensure the shape is correct and is what AWS will want, given you've fetched it from AWS.
a
That seems reasonable and makes total sense...
and it worked! Thanks
o
fwiw, got the same error. Fixed by setting `Sid` to an empty string, or some arbitrary "id" instead of `null` (or `None`/`nil` etc. depending on the language) 🤷
s
Don't specify the `Sid` at all and it should work.
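The `Sid` fixes suggested in the replies above can be checked before the document ever reaches `aws.iam.Role`. This is an added example, not code from the thread or from Pulumi; the helper names `find_nulls`, `drop_nulls` and `render_policy` are hypothetical, and the sample policy is the one from the question.

```python
import json

# Trust policy from the question, including the "Sid": None that the replies point at.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Sid": None,
        "Principal": {"Service": "ec2.amazonaws.com"},
    }],
}

def find_nulls(node, path="$"):
    """Return the JSON path of every None (JSON null) in a policy document."""
    if node is None:
        return [path]
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in find_nulls(v, f"{path}.{k}")]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in find_nulls(v, f"{path}[{i}]")]
    return []

def drop_nulls(node):
    """Return a copy of the document without keys or list items set to None."""
    if isinstance(node, dict):
        return {k: drop_nulls(v) for k, v in node.items() if v is not None}
    if isinstance(node, list):
        return [drop_nulls(v) for v in node if v is not None]
    return node

def render_policy(doc, strip_nulls=False):
    """Serialize a policy for assume_role_policy; never emit a JSON null."""
    if strip_nulls:
        doc = drop_nulls(doc)
    nulls = find_nulls(doc)
    if nulls:
        raise ValueError("policy contains null values at: " + ", ".join(nulls))
    return json.dumps(doc)

if __name__ == "__main__":
    print(find_nulls(TRUST_POLICY))                       # where the null sits
    print(render_policy(TRUST_POLICY, strip_nulls=True))  # Sid omitted entirely
```

Passing the result of `render_policy(..., strip_nulls=True)` as `assume_role_policy` corresponds to the "don't specify the `Sid` at all" reply; the default mode fails the deployment locally instead of at the IAM API.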