Fix AWS CDK Managed Policy is Empty You must Add Statements

avatar

Borislav Hadzhiev

Tue Apr 27 20211 min read

banner

Photo by Colton Duke

In order to solve the "Managed policy is Empty" error in AWS CDK, we have to add policy statements to the managed policy.

Solving Managed Policy is Empty Error in AWS CDK #

In order to solve the "Managed Policy is empty. You must add statements to the policy" error in AWS CDK, we have to pass an array of policy statement instances to the managed policy.

For example, the following code gets the error:

const managedPolicy = new iam.ManagedPolicy(this, 'managed-policy-id');

To solve the error, we have to add at least 1 policy statement to the managed policy:

const managedPolicy = new iam.ManagedPolicy(this, 'managed-policy-id', {
  // ๐Ÿ‘‡ add policy statements
  statements: [
    new iam.PolicyStatement({
      effect: iam.Effect.DENY,
      actions: ['sqs:*'],
      resources: ['*'],
    }),
  ],
});

In the code snippet, we've added a policy statement, and that solves the error.

There is a test in the cdk source code, that checks whether a managed policy is empty and throws the exact same error, so this is the expected behavior.

If you want to read more about creating IAM Policies in AWS CDK, check out my other article - AWS CDK IAM Policy Example - Complete Guide

Further Reading #

Join my newsletter

I'll send you 1 email a week with links to all of the articles I've written that week

Buy Me A Coffee