IAM Policy Create SLR with star in resource #2276
Description
Describe the bug
Hi team,
When create IAM Policy using this raw json file (v2.2.4) with CLI and Console, I met below error.
-
AWS CLI v2An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy. -
AWS IAM Console>Create Policy with JSON
Steps to reproduce
# Setting export AWS_LB_CNTL_VERSION="v2.2.4" export AWS_LB_CNTL_POLICY_JSON="aws_loadbalancer_controller-$(echo ${ALB_CNTL_VERSION} | sed 's/\./_/g').json" export AWS_LB_CNTL_POLICY_NAME="AwsLoadBalancerController-$(echo ${ALB_CNTL_VERSION} | sed 's/\./_/g')" # Download the iam policy json file curl "https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/${AWS_LB_CNTL_VERSION}/docs/install/iam_policy.json" \ -o "${AWS_LB_CNTL_POLICY_JSON}" # Create IAM Policy with the json file aws iam create-policy \ --policy-document "${AWS_LB_CNTL_POLICY_JSON}" \ --policy-name "${AWS_LB_CNTL_POLICY_NAME}" | jq # An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.Expected outcome
{ "Policy": { "PolicyName": "AwsLoadBalancerController-v2_2_4", "PolicyId": "<RANDOM>", "Arn": "arn:aws:iam::<ACCOUNT_ID>:policy/AwsLoadBalancerController-v2_2_4", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "<TIME>", "UpdateDate": "<TIME>" } }Environment
- AWS Load Balancer controller version
v2.2.4 - Kubernetes version
v1.21.2 - Using EKS (yes/no), if so version?
eks.2
Additional Context
The error message guide this content - General Warning – Create SLR with star in resource. I think, using iam:CreateServiceLinkedRole action work for specified resource . (This is contents related this topic, in AWS User Guide about 'Service-linked-roles')
How can I resolve this warning case?