Fix AWS CDK Policy ARN Does not Exist or is Not Attachable

Borislav Hadzhiev

Thu Apr 14 2022

Updated - Thu Apr 14 2022

Fix the AWS CDK Error - Policy ARN Does not Exist

The most common cause of the "Policy ARN does not exist or is not attachable" error in AWS CDK is calling the fromAwsManagedPolicyName method without the prefix that belongs to the managed policy name.

For example, the following code gets the error:

    // 👇 Without necessary Prefix
    const managedPolicy = iam.ManagedPolicy.fromAwsManagedPolicyName(
      'AWSLambdaBasicExecutionRole',
    );

The solution is to include the prefix of the managed policy:

    // 👇 WITH necessary Prefix
    const managedPolicy = iam.ManagedPolicy.fromAwsManagedPolicyName(
      'service-role/AWSLambdaBasicExecutionRole',
    );

Some managed policies have a prefix of service-role/, others of job-function/, and others don't have a prefix at all. If the managed policy we are importing has a prefix, we have to include it in the policy name.

The easiest way to see if the managed policy has a prefix is to look at the ARN of the policy, for example:

[Screenshot: ARN of the managed policy]

In the screenshot, we can see that the policy has a prefix of service-role/, which we have to include in the call to fromAwsManagedPolicyName.

After we prefix the name of the managed policy, the "Policy ARN does not exist or is not attachable" error is fixed.
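As an added example (not code from the original article), the helper below takes a policy ARN copied from the IAM console and returns the exact string, prefix included, to pass to fromAwsManagedPolicyName. The name managedPolicyNameFromArn is hypothetical and the sample ARNs are constructed for the demo.

```typescript
// Added example: derive the fromAwsManagedPolicyName argument from a policy ARN.
// Expected shape: arn:<partition>:iam::<account>:policy/<optional-prefix/><name>
const POLICY_ARN = /^arn:(aws[a-z-]*):iam::([^:]*):policy\/(.+)$/;

// Hypothetical helper, not part of aws-cdk-lib.
function managedPolicyNameFromArn(arn: string): string {
  const match = POLICY_ARN.exec(arn.trim());
  if (match === null) {
    throw new Error(`Not an IAM policy ARN: ${arn}`);
  }
  const [, , account, nameWithPrefix] = match;
  // AWS managed policies use the literal account "aws". Anything else is a
  // customer managed policy, which fromAwsManagedPolicyName cannot resolve;
  // those are imported with ManagedPolicy.fromManagedPolicyArn instead.
  if (account !== 'aws') {
    throw new Error(`Customer managed policy (account "${account}"): import it by ARN`);
  }
  // Keep everything after "policy/", so service-role/ or job-function/ survives.
  return nameWithPrefix;
}

// Constructed sample ARNs covering the three cases the article lists.
const sampleArns: string[] = [
  'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole',
  'arn:aws:iam::aws:policy/job-function/ViewOnlyAccess',
  'arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess',
];

for (const arn of sampleArns) {
  console.log(`${arn}\n  -> fromAwsManagedPolicyName('${managedPolicyNameFromArn(arn)}')`);
}
```
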
