Closed
Unable to use inline permission policies for IAM roles (IAM users untested)
- ✋ I have searched the open/closed issues and my issue is not listed.
Versions
- Module version [Required]:
- Terraform version: Terraform v1.11.4 on darwin_arm64
- Provider version(s): provider registry.terraform.io/hashicorp/aws v6.10.0
Reproduction Code [Required]
```hcl
provider "aws" {
  region = "us-east-1"
}

module "iam_role" {
  source = "terraform-aws-modules/iam/aws//modules/iam-role"

  name                 = "vasya.pupkin4"
  create               = true
  create_inline_policy = true

  inline_policy_permissions = {
    s3_read_access = {
      effect  = "Allow"
      actions = [
        "s3:GetObject",
        "s3:ListBucket"
      ]
      resources = [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    }
    cloudwatch_logs = {
      effect  = "Allow"
      actions = [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
      resources = ["*"]
    }
  }
}
```

Which produces this error:

```text
│ Error: creating IAM Role (vasya.pupkin4-20250827143507920400000001): operation error IAM: CreateRole, https response error StatusCode: 400, RequestID: 09aec8a4-0a9a-45ce-a14b-e0cdf2543853, MalformedPolicyDocument: Policy has no statements
│
│   with module.iam_role.aws_iam_role.this[0],
│   on .terraform/modules/iam_role/modules/iam-role/main.tf line 281, in resource "aws_iam_role" "this":
│  281: resource "aws_iam_role" "this" {
│
```

Steps to reproduce the behavior:
- Create a new project
- Use the above code snippet
- Terraform Plan output will not throw an error
- Terraform Apply will throw a Malformed Document error
Expected behavior
IAM policy document JSON should be correctly generated
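A pre-apply check, added here as an example and not part of this issue or of the module: it walks `terraform show -json` plan output and flags any planned IAM policy document (`policy` or `assume_role_policy`) whose `Statement` list is empty, so the apply-time error above surfaces at plan time instead. The plan JSON and the inline-policy resource address are constructed for the example; `CreateRole` validates the trust policy, so the sample models that document as the empty one.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this check reads (not a real plan). The role's trust policy has an
# empty Statement list: `terraform plan` accepts it, but CreateRole rejects it
# with "MalformedPolicyDocument: Policy has no statements".
EMPTY_TRUST = json.dumps({"Version": "2012-10-17", "Statement": []})
S3_READ = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]})
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [{
    "address": "module.iam_role",
    "resources": [
        {"address": "module.iam_role.aws_iam_role.this[0]", "type": "aws_iam_role",
         "values": {"name": "vasya.pupkin4", "assume_role_policy": EMPTY_TRUST}},
        # hypothetical inline-policy resource address, not taken from the module
        {"address": "module.iam_role.aws_iam_role_policy.inline[0]",
         "type": "aws_iam_role_policy", "values": {"policy": S3_READ}},
    ]}]}}}

POLICY_ATTRS = ("policy", "assume_role_policy")


def iter_resources(module):
    """Walk a plan's module tree, yielding every planned resource."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def empty_policy_documents(plan):
    """Return (address, attribute) for each planned IAM policy JSON with no statements."""
    findings = []
    for res in iter_resources(plan["planned_values"]["root_module"]):
        for attr in POLICY_ATTRS:
            raw = res.get("values", {}).get(attr)
            if raw is None:
                continue  # attribute absent, or unknown until apply
            stmts = json.loads(raw).get("Statement", [])
            if isinstance(stmts, dict):
                stmts = [stmts]  # IAM also accepts a single statement object
            if not stmts:
                findings.append((res["address"], attr))
    return findings


if __name__ == "__main__":
    for address, attr in empty_policy_documents(SAMPLE_PLAN):
        print(f"{address}: {attr} has no statements")
```

Run it against a real plan with `terraform plan -out=tfplan && terraform show -json tfplan` and pass the parsed JSON to `empty_policy_documents`.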