Fix AWS CDK Managed Policy is Empty You must Add Statements

Solving Managed Policy is Empty Error in AWS CDK #

In order to solve the "Managed Policy is empty. You must add statements to the policy" error in AWS CDK, we have to pass an array of policy statement instances to the managed policy.

For example, the following code gets the error:

const managedPolicy = new iam.ManagedPolicy(this, 'managed-policy-id');

To solve the error, we have to add at least 1 policy statement to the managed policy:

const managedPolicy = new iam.ManagedPolicy(this, 'managed-policy-id', {
  // 👇 add policy statements
  statements: [
    new iam.PolicyStatement({
      effect: iam.Effect.DENY,
      actions: ['sqs:*'],
      resources: ['*'],
    }),
  ],
});

In the code snippet, we've added a policy statement, and that solves the error.

There is a test in the cdk source code, that checks whether a managed policy is empty and throws the exact same error, so this is the expected behavior.

If you want to read more about creating IAM Policies in AWS CDK, check out my other article - AWS CDK IAM Policy Example - Complete Guide

Further Reading #

• AWS CDK IAM Policy Example - Complete Guide
• AWS CDK IAM Role Example - Complete Guide
• AWS CDK Tutorial for Beginners - Step-by-Step Guide
• What is a Token in AWS CDK
• CDK Constructs - Complete Guide
• What is an identifier (id) in AWS CDK
• How to use Context in AWS CDK
• How to use Parameters in AWS CDK