Fix AWS CDK Managed Policy is Empty You must Add Statements


Borislav Hadzhiev

Last updated: Apr 14, 2022


Check out my new book

Solving Managed Policy is Empty Error in AWS CDK #

In order to solve the "Managed Policy is empty. You must add statements to the policy" error in AWS CDK, we have to pass an array of policy statement instances to the managed policy.

For example, the following code gets the error:

const managedPolicy = new iam.ManagedPolicy(this, 'managed-policy-id');

To solve the error, we have to add at least 1 policy statement to the managed policy:

const managedPolicy = new iam.ManagedPolicy(this, 'managed-policy-id', { // 👇 add policy statements statements: [ new iam.PolicyStatement({ effect: iam.Effect.DENY, actions: ['sqs:*'], resources: ['*'], }), ], });

There is a test in the cdk source code, that checks whether a managed policy is empty and throws the exact same error, so this is the expected behavior.

If you want to read more about creating IAM Policies in AWS CDK, check out my other article - AWS CDK IAM Policy Example - Complete Guide

Further Reading #

I wrote a book in which I share everything I know about how to become a better, more efficient programmer.
book cover
You can use the search field on my Home Page to filter through all of my articles.