I have created and IAM User and a CMK. When trying to put the policy on the CMK it is throwing a MalformedPolicyDocumentException null error but does NOT define WHAT the malformation is, just a generic Policy is not syntactically or semantically correct.
I have verified (via jslint) that the json I'm passing to the policy parameter is properly formatted and valid json.
I have eliminated this as a timing issue by creating the User and CMK and then waiting and trying to apply the key 30 min later.
Here is the code and the policy document (redacted of specific ARN data):
CODE:
PutKeyPolicyRequest putKeyPolicyRequest = PutKeyPolicyRequest.builder()
.keyId(targetKeyId)
.policy(masterKeyPolicyDocument) //Add JSON document below
.policyName("default")
.bypassPolicyLockoutSafetyCheck(true)
.build();
PutKeyPolicyResponse putCreatePolicyResponse = kmsClient.putKeyPolicy(putKeyPolicyRequest); //Error thrown here
EDITED: Found solution.
It would be REALLY NICE if in the developer guide you published or at least referenced the POLICY schema from the IAM policy in the KMS policy section versus assuming that structure was already known.
Edited by: qdpaul on Aug 10, 2020 10:16 AM
AWS OFFICIALUpdated 2 years ago
