Surodeep

Reputation: 31

Getting error while creating the policy IAM resource path must either be

I am getting the following error.

IAM resource path must either be "*" or start with user/, federated-user/, role/, group/, instance-profile/, mfa/, server-certificate/, policy/, sms-mfa/, saml-provider/, oidc-provider/, report/, access-report/.

Please help me out here.

Here is my code.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:StartSession"
            ],
            "Resource": [
                "arn:aws:iam::197709948620:instance/*"
            ],
            "Condition": {
                "StringLike": {
                    "ssm:resourceTag/Finance": [
                        "Web Server"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:TerminateSession"
            ],
            "Resource": [
                "arn:aws:ssm:*:*:session/${aws:username}-*"
            ]
        }
    ]
}

Upvotes: 3

Views: 2811

Answers (1)

Marcin

Reputation: 238209

The following resource is incorrect:

arn:aws:iam::197709948620:instance/*

instance is ec2, not iam. It should be:

arn:aws:ec2::197709948620:instance/*

Upvotes: 3
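
The check behind the error message, as an added example that is not part of the question or the answer: a small pre-deployment linter that walks each statement's Resource entries and flags any ARN in the iam service namespace whose resource path is not "*" or one of the prefixes listed in the error. The function names are hypothetical, and the sample policy is a constructed copy of the question's policy with a placeholder account ID.

```python
import json

# Prefixes copied from the error message quoted in the question.
IAM_PREFIXES = (
    "user/", "federated-user/", "role/", "group/", "instance-profile/",
    "mfa/", "server-certificate/", "policy/", "sms-mfa/", "saml-provider/",
    "oidc-provider/", "report/", "access-report/",
)

def as_list(value):
    """IAM accepts a single string or a list for Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def check_arn(arn):
    """Return a problem description for one Resource entry, or None."""
    if arn == "*":
        return None
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) != 6 or parts[0] != "arn":
        return "not a six-field ARN"
    service, resource = parts[2], parts[5]
    if service == "iam" and resource != "*" and not resource.startswith(IAM_PREFIXES):
        return f"IAM resource path '{resource}' is not '*' or an allowed prefix"
    return None

def lint_policy(policy):
    """Return (statement_index, arn, problem) for every rejected Resource."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # single-statement form
    findings = []
    for i, stmt in enumerate(stmts):
        for arn in as_list(stmt.get("Resource")):
            problem = check_arn(arn)
            if problem:
                findings.append((i, arn, problem))
    return findings

# Constructed sample: the question's policy shape, placeholder account ID.
SAMPLE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ssm:StartSession"],
   "Resource": ["arn:aws:iam::111122223333:instance/*"]},
  {"Effect": "Allow", "Action": ["ssm:TerminateSession"],
   "Resource": ["arn:aws:ssm:*:*:session/${aws:username}-*"]}
]}
""")

if __name__ == "__main__":
    print(lint_policy(SAMPLE))
```

Only the first statement is reported; the ssm session ARN in the second statement passes because the prefix rule applies to the iam namespace alone.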
