By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Invalid json - I AM policy

0

{ "Version": "2012-10-17", "Statement": [ {"Effect": "Allow", "Principal": {"Service": [ "healthlake.amazonaws.com" ] }, "Action": "sts:AssumeRole" "Condition": { "StringEquals": { "aws:SourceAccount": "(accountId)" }, "ArnEquals": { "aws:SourceArn": "arn:aws:healthlake:(region):(accountId):datastore/fhir/(datastoreId)" } } } ] }

When i am trying to create i am policy this json gives syntax error.....

Topics
Security, Identity, & Compliance
Tags
IAM Policies
Language
English
anurag
asked 2 months ago130 views
1 Answer
0

2 Issues. You were missing a Resource and also you do not specify a Principal on an IAM policy. Principals are only used on resource policies. Confirm the Resource you’re happy with * and this is valid.

However you don’t need the conditions imho as the policy is attached to a role in the same account. There may be some confusion here with IAM policy and a Resource policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "(accountId)"
                },
                "ArnEquals": {
                    "aws:SourceArn": "arn:aws:healthlake:(region):(accountId):datastore/fhir/(datastoreId)"
                }
            }
        }
    ]
}

You may need to create a service role and configure the Trust for healthlake.amazonaws.com and attach the policy above.

profile picture
EXPERT
Gary Mclean
answered 2 months ago
profile picture
EXPERT
Riku_Kobayashi
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content