Borislav Hadzhiev
Last updated: Sep 19, 2021
There are 2 causes for the "Malformed Policy Document" error in AWS CLI.
The most common reason the "Malformed Policy Document" error occurs in AWS CLI is that we've forgotten to add the file:// prefix to the --policy-document parameter.
To solve the "Malformed Policy Document" error, add the file:// prefix to the --policy-document parameter when your policy is stored in a file on the local file system.
aws iam put-role-policy --role-name YOUR_ROLE --policy-name YOUR_POLICY --policy-document file://YOUR_FILE.json
--parameter to an AWS CLI command, you must add the file:// prefix for human-readable files, or the fileb:// prefix for binary (non human-readable) files.
In the code snippet we assume that the terminal is located in the same directory as the policy.json file. However, if the terminal is in a different directory, we can still point to the file.
For example, on Linux and macOS you can use relative and absolute paths as follows:
# relative path, navigate to directory
aws iam put-role-policy --role-name YOUR_ROLE --policy-name YOUR_POLICY --policy-document file://./my-folder/policy.json
# absolute path (notice 3 `/` characters in file:/// prefix)
aws iam put-role-policy --role-name YOUR_ROLE --policy-name YOUR_POLICY --policy-document file:///home/john/policy.json
On Windows you can specify a file:// prefix as follows:
aws iam put-role-policy --role-name YOUR_ROLE --policy-name YOUR_POLICY --policy-document file://C:\my-folder\policy.json
The other reason the error occurs in AWS CLI is that the policy has syntax errors.
In the example above the policy looks like:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
      ],
      "Resource": "*"
    }
  ]
}
There is a dangling comma on the s3:Get* action line, which caused the error.
To solve the "Malformed Policy Document" error in AWS CLI, run your policy through a JSON validator and make sure you correct any syntax or logical errors in your policy.
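A pre-flight check covering both causes described above, as an added example that is not code from the original post: it flags a --policy-document value that lacks the file:// prefix and reports the line of a JSON syntax error such as the dangling comma. The names diagnose, PREFIX, BROKEN and FIXED are hypothetical, the sample policies are constructed from the one shown above, and the prefix handling is a simplified assumption about how the CLI resolves the path.

```python
import json
import os
import tempfile

PREFIX = "file://"  # hypothetical constant name; the prefix itself is from the page

def diagnose(arg):
    """Check a --policy-document value; return (ok, message)."""
    if arg.startswith(PREFIX):
        # Simplified assumption: everything after the prefix is the local path.
        path = os.path.expanduser(arg[len(PREFIX):])
        try:
            with open(path, encoding="utf-8") as fh:
                text = fh.read()
        except OSError as exc:
            return False, f"cannot read {path!r}: {exc.strerror}"
    elif arg.lstrip().startswith("{"):
        text = arg  # inline JSON passed directly on the command line
    else:
        # No prefix: the CLI sends this string itself as the policy text.
        return False, f"{arg!r} is not JSON; prefix the path with {PREFIX}"
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return False, f"JSON syntax error at line {exc.lineno}: {exc.msg}"
    if not isinstance(doc, dict) or "Statement" not in doc:
        return False, "valid JSON, but no top-level Statement element"
    return True, "policy document parses"

# Constructed samples: the page's policy with and without the dangling comma.
BROKEN = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:Get*", ],
      "Resource": "*"
    }
  ]
}"""
FIXED = BROKEN.replace('"s3:Get*", ]', '"s3:Get*"]')

def demo():
    """Write both samples to a temp dir and diagnose three argument forms."""
    with tempfile.TemporaryDirectory() as tmp:
        bad, good = os.path.join(tmp, "bad.json"), os.path.join(tmp, "policy.json")
        for path, body in ((bad, BROKEN), (good, FIXED)):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return [diagnose(good), diagnose(PREFIX + good), diagnose(PREFIX + bad)]
```

Run diagnose on the exact string you intend to pass to --policy-document before calling aws iam put-role-policy.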