Borislav Hadzhiev
Last updated: Apr 14, 2022
Check out my new book
In order to solve the "Managed Policy is empty. You must add statements to the policy" error in AWS CDK, we have to pass an array of policy statement instances to the managed policy.
For example, the following code gets the error:
const managedPolicy = new iam.ManagedPolicy(this, 'managed-policy-id');
To solve the error, we have to add at least 1 policy statement to the managed policy:
const managedPolicy = new iam.ManagedPolicy(this, 'managed-policy-id', { // 👇 add policy statements statements: [ new iam.PolicyStatement({ effect: iam.Effect.DENY, actions: ['sqs:*'], resources: ['*'], }), ], });
There is a test in the cdk source code, that checks whether a managed policy is empty and throws the exact same error, so this is the expected behavior.
If you want to read more about creating IAM Policies in AWS CDK, check out my other article - AWS CDK IAM Policy Example - Complete Guide