dthomas26

Reputation: 23

Unable to create Policy using boto3

I am trying to create an aws-dynamodb policy using boto3. I am getting the same error every time. Please help. I followed the examples at https://github.com/awsdocs/aws-doc-sdk-examples/blob/0edf8c7a52a77e405b71931bd9cee9c06f84368c/python/example_code/iam/create_policy.py and also https://boto3.amazonaws.com/v1/documentation/api/latest/guide/iam-example-policies.html

I have tried using both the command prompt and Jupyter; both give me the same error.

    import json
    import traceback

    import boto3

    # Session bound to a named profile from the local AWS config
    dev = boto3.session.Session(profile_name='xyz')
    iam = dev.client('iam')

    # Policy document passed to CreatePolicy
    my_managed_policy = {
        "Version": "2019-08-08",
        "Statement": [
            {
                "Sid": "myTableAllActions",
                "Effect": "Allow",
                "Action": "dynamodb:*",
                "Resource": "arn:aws:dynamodb:*:*:table/myTable"
            }
        ]
    }

    try:
        response = iam.create_policy(PolicyName='myTableDynamoDBPolicy',
                                     PolicyDocument=json.dumps(my_managed_policy))
        print(response)
    except Exception as err:
        # Print the API error message followed by the full traceback
        print(str(err))
        print("\n")
        print(traceback.format_exc())

I am expecting the policy to be created (I have all the admin privileges). I am able to perform insert/update operations on the table. However, while creating a policy, I am getting this error:

    An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.

    Traceback (most recent call last):
      File "<ipython-input-388-d2afcb29d5da>", line 21, in <module>
        PolicyDocument=json.dumps(my_managed_policy))
      File "/Users/dthomas/anaconda3/envs/pytf36/lib/python3.6/site-packages/botocore/client.py", line 357, in _api_call
        return self._make_api_call(operation_name, kwargs)
      File "/Users/dthomas/anaconda3/envs/pytf36/lib/python3.6/site-packages/botocore/client.py", line 661, in _make_api_call
        raise error_class(parsed_response, operation_name)
    botocore.errorfactory.MalformedPolicyDocumentException: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.

Upvotes: 1

Views: 695

Answers (1)

jarmod

Reputation: 78860

Your version string "2019-08-08" is invalid. Valid values are "2008-10-17" and "2012-10-17".

The way I debugged this was to try and create a new IAM policy in the IAM console using your policy document. It immediately told me what the problem was:

This policy contains the following error: The policy must contain a valid version string.

For more information about the IAM policy grammar, see AWS IAM Policies.

Upvotes: 1
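A local pre-flight check for the version error identified in the answer, added here as an example (it is not code from the question or the answer). The helper names `lint_policy` and `create_policy_checked` are hypothetical, and the checks cover only a few identity-policy grammar rules, not the full IAM grammar.

```python
import json

# Version values the IAM policy grammar accepts (as listed in the answer above).
VALID_VERSIONS = {"2008-10-17", "2012-10-17"}
VALID_EFFECTS = {"Allow", "Deny"}

# The document from the question, and the same document with a valid Version.
QUESTION_POLICY = {
    "Version": "2019-08-08",
    "Statement": [{
        "Sid": "myTableAllActions",
        "Effect": "Allow",
        "Action": "dynamodb:*",
        "Resource": "arn:aws:dynamodb:*:*:table/myTable",
    }],
}
FIXED_POLICY = dict(QUESTION_POLICY, Version="2012-10-17")


def lint_policy(document):
    """Return a list of grammar problems in an identity-based policy dict."""
    problems = []
    version = document.get("Version")  # optional element, so None is accepted
    if version is not None and version not in VALID_VERSIONS:
        problems.append(f"Version {version!r} is not one of {sorted(VALID_VERSIONS)}")
    statements = document.get("Statement")
    if statements is None:
        return problems + ["missing Statement element"]
    if isinstance(statements, dict):  # a single statement may appear without a list
        statements = [statements]
    for i, stmt in enumerate(statements):
        label = stmt.get("Sid", f"#{i}")
        if stmt.get("Effect") not in VALID_EFFECTS:
            problems.append(f"statement {label}: Effect must be Allow or Deny")
        if not stmt.keys() & {"Action", "NotAction"}:
            problems.append(f"statement {label}: missing Action/NotAction")
        if not stmt.keys() & {"Resource", "NotResource"}:
            problems.append(f"statement {label}: missing Resource/NotResource")
    return problems


def create_policy_checked(iam, name, document):
    """Lint locally, then call CreatePolicy only if nothing was flagged."""
    problems = lint_policy(document)
    if problems:
        raise ValueError("; ".join(problems))
    return iam.create_policy(PolicyName=name, PolicyDocument=json.dumps(document))
```

Pass a real `boto3` IAM client as `iam`; IAM remains the authority on the grammar, so a document that passes this check can still be rejected by the service.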
