AWS IAM assume role error: MalformedPolicyDocument: Invalid principal in policy: "AWS" #7076

Closed
p0bailey opened this issue Jun 8, 2016 · 1 comment

p0bailey commented Jun 8, 2016

Hello there,

I'm getting a funny behaviour when creating a new role named SecurityMonkeyInstanceProfile and another role named SecurityMonkey. When the SecurityMonkey role wants to assume the SecurityMonkeyInstanceProfile role, Terraform fails to detect the SecurityMonkeyInstanceProfile role (see DEBUG). In order to fix this dependency, Terraform requires an additional terraform apply, as the first fails.

Terraform Version

v0.6.16

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_iam_role

Terraform Configuration Files

resource "aws_iam_role" "SecurityMonkeyInstanceProfile" {
    name               = "SecurityMonkeyInstanceProfile"
    path               = "/"
    assume_role_policy = <<EOF
{
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
EOF
}


resource "aws_iam_role" "SecurityMonkey" {
    name               = "SecurityMonkey"
    path               = "/"
    assume_role_policy = <<EOF
{
      "Version": "2008-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "AWS": "${aws_iam_role.SecurityMonkeyInstanceProfile.arn}"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
EOF
}

Debug Output

https://gist.github.com/p0bailey/3bb66f4cc628bb9fedc5d03d37b7e1c8

Panic Output

NA

Expected Behavior

SecurityMonkey role should assume SecurityMonkeyInstanceProfile role at the first run rather than failing and succeeding only after a second run of terraform apply.

Actual Behavior

Terraform requires a second terraform apply

Steps to Reproduce

  1. terraform apply

Important Factoids

NA

References

http://stackoverflow.com/questions/37615891/invalid-principal-in-policy
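
An added example, not part of the original report and not Terraform's own code: one way a caller can absorb the fail-then-succeed pattern described above is to retry only on the exact error in the issue title and fail fast on every other policy error. It assumes the cause is that the newly created role is not yet resolvable as a principal when the second trust policy is validated, which the report does not state; `createWithRetry`, `isUnresolvedPrincipal` and `fakeCreateRole` are hypothetical names, and the fake stands in for the real role-creation call.

```go
package main
import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Constructed sample errors: the issue-title message, and a genuinely bad policy.
var (
	errInvalidPrincipal = errors.New(`MalformedPolicyDocument: Invalid principal in policy: "AWS"`)
	errSyntax           = errors.New("MalformedPolicyDocument: syntax error in policy (constructed)")
)

// isUnresolvedPrincipal matches only the error quoted in the issue title.
func isUnresolvedPrincipal(err error) bool {
	return strings.Contains(err.Error(), "MalformedPolicyDocument") &&
		strings.Contains(err.Error(), "Invalid principal in policy")
}

// createWithRetry (hypothetical helper) calls create until it succeeds, fails
// with any other error, or attempts run out. It returns the number of calls.
func createWithRetry(create func() error, attempts int, delay time.Duration) (int, error) {
	for n := 1; ; n++ {
		err := create()
		if err == nil || !isUnresolvedPrincipal(err) {
			return n, err // success, or an error a retry cannot fix
		}
		if n >= attempts {
			return n, fmt.Errorf("principal unresolved after %d calls: %w", n, err)
		}
		time.Sleep(delay)
		delay *= 2 // exponential backoff
	}
}

// fakeCreateRole is a constructed stand-in: err for the first `failures` calls, then nil.
func fakeCreateRole(failures int, err error) func() error {
	calls := 0
	return func() error {
		if calls++; calls <= failures {
			return err
		}
		return nil
	}
}

func main() {
	fmt.Println(createWithRetry(fakeCreateRole(2, errInvalidPrincipal), 5, 10*time.Millisecond))
}
```

Bounding the attempts matters: a principal ARN that is wrong rather than merely new returns the same message, so the wrapped error must still surface to the operator.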

ghost commented Apr 10, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

ghost locked and limited conversation to collaborators Apr 10, 2020