Solve - Malformed Policy Document Error in AWS CLI


Borislav Hadzhiev

Sun Sep 19 2021 (2 min read)

Solving Malformed Policy Document Error in AWS CLI

There are 2 causes for the "Malformed Policy Document" error in AWS CLI.

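The most common cause of the "Malformed Policy Document" error in AWS CLI is a missing file:// prefix on the value of the --policy-document parameter. Without the prefix, the CLI treats the value itself (the file name) as the policy document, and a file name is not valid JSON.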

[Image: without file prefix]

To solve the "Malformed Policy Document" error, add the file:// prefix to the --policy-document parameter when your policy is stored in a file on the local file system.

shell
aws iam put-role-policy --role-name YOUR_ROLE --policy-name YOUR_POLICY --policy-document file://YOUR_FILE.json

[Image: with file prefix]

Any time you pass a file as a --parameter to an AWS CLI command, you must add the file:// prefix for human-readable files, or the fileb:// prefix for binary (non-human-readable) files.

The code snippet assumes that the shell's working directory is the directory that contains the policy file. If the shell is in a different directory, we can still point to the file.

For example, on Linux and macOS you can use relative and absolute paths as follows:

shell
# relative path, navigate to directory
aws iam put-role-policy --role-name YOUR_ROLE --policy-name YOUR_POLICY --policy-document file://./my-folder/policy.json

# absolute path (notice 3 `/` characters in file:/// prefix)
aws iam put-role-policy --role-name YOUR_ROLE --policy-name YOUR_POLICY --policy-document file:///home/john/policy.json

On Windows you can specify a file:// prefix as follows:

shell
aws iam put-role-policy --role-name YOUR_ROLE --policy-name YOUR_POLICY --policy-document file://C:\my-folder\policy.json

The other cause of the error in AWS CLI is a syntax error in the policy itself.

[Image: malformed policy document error]

In the example above the policy looks like:

read-s3.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
      ],
      "Resource": "*"
    }
  ]
}

There is a dangling (trailing) comma on the s3:Get* action line, which JSON does not allow and which caused the error.

To solve the "Malformed Policy Document" error in AWS CLI, run your policy through a JSON validator and make sure you correct any syntax or logical errors in your policy.
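A pre-flight check for both causes described above, as an added example that is not the author's code or part of the AWS CLI. The function names are hypothetical, the sample policies are constructed from read-s3.json above, and the prefix handling (everything after file:// is a local path, anything else is taken literally) is an assumption based on the behaviour this page describes.

```python
import json
import os

PREFIX = "file://"

# Constructed sample: the page's read-s3.json, trailing comma included.
BROKEN_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*",], "Resource": "*"}
  ]
}"""
FIXED_POLICY = BROKEN_POLICY.replace('"s3:Get*",]', '"s3:Get*"]')


def load_policy_argument(value):
    """Return the text that would be sent for a --policy-document value.

    Assumption: after file:// the rest of the value is a local path; without
    the prefix the value itself is taken as the policy document.
    """
    if value.startswith(PREFIX):
        path = os.path.expanduser(value[len(PREFIX):])
        with open(path, encoding="utf-8") as handle:
            return handle.read()
    return value


def check_policy_argument(value):
    """Return a list of problems; an empty list means the document parses."""
    try:
        text = load_policy_argument(value)
    except (OSError, UnicodeError) as exc:
        return [f"cannot read policy file: {exc}"]
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        hint = ""
        if not value.startswith(PREFIX) and os.path.exists(value):
            hint = f"; {value} is a file, pass {PREFIX}{value} instead"
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}{hint}"]
    if not isinstance(policy, dict) or "Statement" not in policy:
        return ["valid JSON, but no top-level Statement element"]
    return []


if __name__ == "__main__":
    for sample in ("read-s3.json", BROKEN_POLICY, FIXED_POLICY):
        print(check_policy_argument(sample) or "OK")
```

Running the check in a deployment script before `aws iam put-role-policy` reports the line and column of the syntax error, which the CLI error message does not.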
