
confusing error on aws iam: "Syntax error in policy"

So I'm trying to automate through Python what I normally do on the aws:iam console. This policy validates as it is. As you see it here:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm"
            ]
        }
    ]
}
```

Of course the account ids are fake, but it does validate.

So feeding that same policy to this bit of code does not work:

```python
import json


def create(iam, name, desc, policy):
    # iam is a boto3 IAM client; policy is serialized with json.dumps()
    response = iam.create_policy(
        PolicyName=name,
        Description=desc,
        PolicyDocument=json.dumps(policy)
    )
```

That is taken from the AWS recommended way of doing this, ofc: https://docs.aws.amazon.com/code-samples/latest/catalog/python-iam-create_policy.py.html

And this is the error I'm getting:

```
botocore.errorfactory.MalformedPolicyDocumentException: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.
```

This is confusing me a bit as I do not see why it would not work this way when it works on the console. So after way too much time googling this, I simply cannot find anything that would help me, or I'm completely misguided here.

Any help appreciated.

Thanks

I tried creating an IAM policy with the policy you have posted and ran into the same issue. It seems that the output from json.dumps() is the reason for the error.

You can do it this way though:

```python
import boto3


def create_iam_policy(iam, name, desc, policy):
    # PolicyDocument takes the policy as a JSON string
    response = iam.create_policy(
        PolicyName=name,
        Description=desc,
        PolicyDocument=policy
    )
    return response


iam = boto3.client('iam')

# The policy as a JSON string, passed through without json.dumps()
my_managed_policy = """{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm"
            ]
        }
    ]
}"""

print(create_iam_policy(iam, 'test-policy', 'test desc', my_managed_policy))
```
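An added example, not code from either post: calling `json.dumps()` on a policy that is already a JSON string yields a quoted string literal instead of a JSON object, so the document sent to `create_policy` is no longer a policy object. The helper below (hypothetical names `to_policy_document` and `POLICY`) accepts a dict or an already-serialized string and always returns a single-encoded JSON object; it assumes the question's `policy` may have been a string, which the page does not show.

```python
import json

# Constructed sample: the policy from the question, as a Python dict.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": ["arn:aws:iam::123465790123:role/account-adm"],
    }],
}


def to_policy_document(policy):
    """Return a single-encoded JSON object string for PolicyDocument.

    Accepts a dict, a JSON string, or a string that went through
    json.dumps() more than once; rejects anything else with ValueError.
    """
    doc = policy
    # A double-encoded policy decodes to another str, so unwrap a few layers.
    for _ in range(3):
        if not isinstance(doc, str):
            break
        doc = json.loads(doc)  # JSONDecodeError is a ValueError
    if not isinstance(doc, dict):
        raise ValueError("policy decodes to %s, not a JSON object"
                         % type(doc).__name__)
    if "Statement" not in doc:
        raise ValueError("policy has no Statement element")
    return json.dumps(doc)


def create(iam, name, desc, policy):
    # iam is a boto3 IAM client, as in the question.
    return iam.create_policy(
        PolicyName=name,
        Description=desc,
        PolicyDocument=to_policy_document(policy),
    )


if __name__ == "__main__":
    once = json.dumps(POLICY)   # a JSON object: starts with {
    twice = json.dumps(once)    # a JSON string literal: starts with "{
    print(once[:12], "|", twice[:14])
    print(to_policy_document(twice) == once)
```

Checking the decoded type locally turns an opaque `MalformedPolicyDocument` response into an error that names the actual problem before any API call is made.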
