我正在尝试通过AWS CLI设置AWS组策略,如下所示:
aws iam put-group-policy --group-name my-group --policy-name \
s3-full-access --policy-document /tmp/policy.json
这是/tmp/policy.json的内容:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::my-bucket*"
}
]
}
我一直收到以下错误:
A client error (MalformedPolicyDocument) occurred when calling the PutGroupPolicy operation: The policy is not in the valid JSON format.
我不知道如何继续,错误太不明确了。有人能帮忙吗?
答案 0 :(得分:71)
解决了这个谜语!
是策略文件名前面的file://前缀:
aws iam put-group-policy --group-name my-group --policy-name s3-full-access --policy-document file:///tmp/policy.json
原始错误消息非常具有误导性,因为如果您提供根本不存在的文件名,则会收到相同的消息。
因此 >文件的语法,但 CLI根本无法看到该文件,导致错误。
答案 1 :(得分:2)
+++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++ PS命令:示例1。
aws iam create-role --role-name vmimport --assume-role-policy-document file:///policy/trust-policy.json
****实际路径******:C:\ policy \ trust-policy.json ++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++
PS命令:示例2。
aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file:///policy/role-policy.json
****实际路径******:C:\ policy \ role-policy.json ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++
答案 2 :(得分:0)
我在10号窗口上遇到了同样的问题,这对我有帮助。
**file** : followed by **two Forward slash** like :"file://"
**Path on window 10** : followed by **Backward slash** like
:"c:\Users\Anand\Desktop\anand-jan19.json"
C:\Users\Anand>aws iam create-policy --policy-name anand-jan19 --policy-document file://c:\Users\Anand\Desktop\anand-jan19.json
{
"Policy": {
"PolicyName": "anand-jan19",
"PolicyId": "EQWEQBV33ewrwYCRCS",
"Arn": "arn:aws:iam::56433378:policy/anand-jan19",
"Path": "/",
"DefaultVersionId": "v1",
"AttachmentCount": 0,
"PermissionsBoundaryUsageCount": 0,
"IsAttachable": true,
"CreateDate": "2019-02-10T04:03:32Z",
"UpdateDate": "2019-02-10T04:03:32Z"
}
}