Invalid json - I AM policy

Question

{
"Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal":
            {"Service":
                [ "healthlake.amazonaws.com" ]
            },
         "Action": "sts:AssumeRole"
         "Condition": {
            "StringEquals": {
                "aws:SourceAccount": "(accountId)"
                },
            "ArnEquals": {
                "aws:SourceArn": "arn:aws:healthlake:(region):(accountId):datastore/fhir/(datastoreId)"
                }
            }
        }
    ]
}

When i am trying to create i am policy this json gives syntax error.....

Answer

2 Issues.
You were missing a Resource and also you do not specify a Principal on an IAM policy. Principals are only used on resource policies.
Confirm the Resource you’re happy with * and  this is valid.

However you don’t need the conditions imho as the policy is attached to a role in the same account. There may be some confusion here with IAM policy and a Resource policy.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "(accountId)"
                },
                "ArnEquals": {
                    "aws:SourceArn": "arn:aws:healthlake:(region):(accountId):datastore/fhir/(datastoreId)"
                }
            }
        }
    ]
}
```

You may need to create a service role and configure the Trust for healthlake.amazonaws.com and attach the policy above.

Invalid json - I AM policy

Relevanter Inhalt