New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

createRole fails with "This policy contains invalid Json" #434

Closed
rcook opened this Issue Dec 27, 2017 · 1 comment

Comments

Projects
None yet
1 participant
@rcook
Contributor

rcook commented Dec 27, 2017

I'm trying to create an IAM role with the createRole function:

createRole "lambda_basic_execution" "AWSLambdaBasicExecutionRole"

Pretty basic stuff, I think. This fails with AWS reporting "This policy contains invalid Json". Here's the logging trace from my program:

[Client Request] {
  host      = iam.amazonaws.com:443
  secure    = True
  method    = POST
  target    = Nothing
  timeout   = ResponseTimeoutMicro 70000000
  redirects = 0
  path      = /
  query     =
  headers   = host: iam.amazonaws.com; x-amz-date: 20171227T165309Z; x-amz-content-sha256: a964ee534b9bfc7be1b5b5ce8590aa0a719c8f3a1d33ece57742ef210894042c; content-type: application/x-www-form-urlencoded; charset=utf-8; authorization: AWS4-HMAC-SHA256 Credential=CREDENTIALREMOVED/20171227/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=4c6f47683ad81917ca232bd5897e7d941fde05b70b922bd5dd90bf77d1d3c1d4
  body      = Action=CreateRole&AssumeRolePolicyDocument=AWSLambdaBasicExecutionRole&RoleName=lambda_basic_execution&Version=2010-05-08
}
[Client Response] {
  status  = 400 Bad Request
  headers = x-amzn-requestid: 6b178f44-eb26-11e7-b1d9-e1cbb082026e; content-type: text/xml; content-length: 288; date: Wed, 27 Dec 2017 16:53:08 GMT; connection: close
}
[ServiceError] {
  service    = IAM
  status     = 400 Bad Request
  code       = MalformedPolicyDocument
  message    = Just This policy contains invalid Json
  request-id = Just 6b178f44-eb26-11e7-b1d9-e1cbb082026e
}
*** Exception: ServiceError (ServiceError' {_serviceAbbrev = Abbrev "IAM", _serviceStatus = Status {statusCode = 400, statusMessage = "Bad Request"}, _serviceHeaders = [("x-amzn-RequestId","6b178f44-eb26-11e7-b1d9-e1cbb082026e"),("Content-Type","text/xml"),("Content-Length","288"),("Date","Wed, 27 Dec 2017 16:53:08 GMT"),("Connection","close")], _serviceCode = ErrorCode "MalformedPolicyDocument", _serviceMessage = Just (ErrorMessage "This policy contains invalid Json"), _serviceRequestId = Just (RequestId "6b178f44-eb26-11e7-b1d9-e1cbb082026e")})

My repro program is here: https://github.com/rcook/aws-via-haskell/blob/50e9e3929f56f2f06e8f13acc6d8e93572eee2bd/lambda/Main.hs#L150

@rcook

This comment has been minimized.

Show comment
Hide comment
@rcook

rcook Dec 27, 2017

Contributor

I have totally misunderstood the purpose of the "assume policy document" argument.

Contributor

rcook commented Dec 27, 2017

I have totally misunderstood the purpose of the "assume policy document" argument.

@rcook rcook closed this Dec 27, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment