Terraform - MalformedPolicyDocument: The policy failed legacy parsing
I started my professional career in 2012 as a Systems Administrator and continued in that role until 2018, when I became a DevOps Engineer. I have worked with AWS since 2016 and hold five AWS Specialty certifications.
I was affected by a bug in the AWS provider for Terraform recently.
I got the following error when applying Terraform changes:
Error: creating IAM Policy (MyPolicyName): MalformedPolicyDocument: The policy failed legacy parsing
According to the AWS docs, the policy for sts:AssumeRole should look like the following:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::account-id:role/Test*"
  }
}
It works that way in the AWS Console and with the AWS CLI (I have personally tried it in the AWS Console, and people on the Internet have reported that it works with the AWS CLI).
But not with Terraform!
Because of the bug in the provider, the Statement has to be an array, like this:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::account-id:role/Test*"
  }]
}
This is required even though the policy contains only a single statement.
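As an added pre-apply check (my own helper, not code from the post or from the Terraform AWS provider), the following Python normalizes a policy document so that Statement is always an array, which sidesteps the provider bug while leaving the policy semantically identical. The sample policy is constructed from the single-statement form shown above.

```python
import json

# Constructed sample: the single-statement (object) form from the AWS docs,
# which the post reports the Terraform AWS provider rejects.
OBJECT_FORM = """{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::account-id:role/Test*"
  }
}"""


def statement_is_list(policy_json: str) -> bool:
    """Return True if the policy's Statement is already a JSON array."""
    return isinstance(json.loads(policy_json)["Statement"], list)


def load_statements(policy_json: str) -> list:
    """Return the policy's statements as a list, whichever form they are in."""
    stmt = json.loads(policy_json)["Statement"]
    return stmt if isinstance(stmt, list) else [stmt]


def normalize_policy(policy_json: str) -> str:
    """Rewrite a policy so Statement is always a JSON array.

    A Statement that is already a list is left unchanged; a single
    statement object is wrapped in a one-element list. Every other key
    (Version, Id, ...) is preserved as-is, so the policy's meaning does
    not change; only the shape the provider parses does.
    """
    doc = json.loads(policy_json)
    if "Statement" not in doc:
        raise ValueError("policy document has no Statement element")
    if not isinstance(doc["Statement"], list):
        doc["Statement"] = [doc["Statement"]]
    return json.dumps(doc, indent=2)


if __name__ == "__main__":
    print(normalize_policy(OBJECT_FORM))
```

Running the normalized JSON through the provider avoids the error; the same result can be obtained by generating the policy with Terraform's aws_iam_policy_document data source, which always emits Statement as an array.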
When I googled the error without the Terraform keyword, the results suggested that I might be missing the Version element, which I had copied from the AWS docs, or a missing !Sub directive in my CloudFormation stack, which I didn't have at all.
I hope you find this useful, and if you are affected too, feel free to upvote the issue!