Minto Mohan

Reputation: 88

How can I use the AWS CLI to add a trust policy to a role?

I am attempting to update the trust policy for a role to include a user. I have successfully achieved this using the AWS Management Console.


However, when attempting to do the same using the AWS CLI, I encountered the following error messages (I tried copying the same JSON used in the AWS console, both on the command line and in a JSON file):

aws iam update-assume-role-policy --role-name my_role_name --policy-document '{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::xxxxxxxxxxxx:user/my_user_name"]},"Sid":""}'

An error occurred (MalformedPolicyDocument) when calling the UpdateAssumeRolePolicy operation: This policy contains invalid Json

aws iam update-assume-role-policy --role-name my_role_name --policy-document file://path/to/policy.json

An error occurred (MalformedPolicyDocument) when calling the UpdateAssumeRolePolicy operation: Syntax error at position (1,12)

Is this the right way to add it using the AWS CLI?

Upvotes: 0

Views: 666

Answers (1)

John Rotenstein

Reputation: 270089

My testing shows that it wants the FULL policy, including the Version.

This works:

aws iam update-assume-role-policy --role-name my_role_name --policy-document '{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789012:user/foo"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}'

It would therefore be replacing the existing policy rather than appending to it.

Upvotes: 1
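Since update-assume-role-policy replaces the whole trust policy, the safe workflow is to fetch the role's current trust policy, add the new principal to it, and send the complete document back. The script below is an added example, not code from either poster: it validates that a document has the Version/Statement wrapper the question's bare statement lacked, appends an AssumeRole statement for a new principal without dropping existing trust relationships, and lists the AWS principals the result trusts. The existing trust policy is a constructed sample (a role that trusts the EC2 service), and the account id and user name are placeholders.

```python
import json
from typing import Any

# Constructed sample of what `aws iam get-role --query Role.AssumeRolePolicyDocument`
# returns for a role that already trusts the EC2 service (hypothetical).
EXISTING_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# The bare statement from the question: valid JSON, but not a policy document,
# which is why IAM rejects it as MalformedPolicyDocument.
BARE_STATEMENT = {
    "Action": "sts:AssumeRole",
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::xxxxxxxxxxxx:user/my_user_name"]},
    "Sid": "",
}


def is_policy_document(doc: Any) -> bool:
    """Check the top-level shape IAM requires: a Version string and a Statement list."""
    return (
        isinstance(doc, dict)
        and isinstance(doc.get("Version"), str)
        and isinstance(doc.get("Statement"), list)
        and all(isinstance(s, dict) for s in doc["Statement"])
    )


def add_trusted_principal(policy: dict, principal_arn: str) -> dict:
    """Return a new trust policy that also lets principal_arn assume the role.

    The input is not mutated and its statements are preserved, so the result can
    be passed to update-assume-role-policy without losing current trust entries.
    """
    if not is_policy_document(policy):
        raise ValueError("not a full policy document (needs Version and Statement)")
    new_policy = json.loads(json.dumps(policy))  # deep copy via JSON round-trip
    new_policy["Statement"].append(
        {
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
        }
    )
    return new_policy


def trusted_aws_principals(policy: dict) -> list:
    """List every AWS principal ARN that an Allow statement permits to assume the role."""
    arns = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if "sts:AssumeRole" not in actions:
            continue
        aws = stmt.get("Principal", {}).get("AWS", [])
        arns.extend([aws] if isinstance(aws, str) else aws)
    return arns


def render_policy_json(policy: dict) -> str:
    """Serialise the policy for a file:// argument to --policy-document."""
    return json.dumps(policy, indent=4)


if __name__ == "__main__":
    # Placeholder account id and user name, to be replaced with real values.
    updated = add_trusted_principal(EXISTING_TRUST_POLICY, "arn:aws:iam::123456789012:user/foo")
    with open("trust-new.json", "w") as fh:
        fh.write(render_policy_json(updated))
    print("trusted principals:", trusted_aws_principals(updated))
```

In practice the script sits between two CLI calls: `aws iam get-role --role-name my_role_name --query Role.AssumeRolePolicyDocument --output json > trust.json` to capture the current document, then `aws iam update-assume-role-policy --role-name my_role_name --policy-document file://trust-new.json` to push the merged one. Reviewing the output of `trusted_aws_principals` before the update call is a cheap check that nothing was dropped and only the intended principal was added.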
