
MalformedPolicyDocumentException null being thrown putting policy on CMK

0

I have created an IAM User and a CMK. When trying to put the policy on the CMK, it throws a MalformedPolicyDocumentException null error but does NOT define WHAT the malformation is, just a generic "Policy is not syntactically or semantically correct".

I have verified (via jslint) that the JSON I'm passing to the policy parameter is properly formatted and valid JSON.

I have eliminated this as a timing issue by creating the User and CMK and then waiting and trying to apply the key 30 min later.

Here is the code and the policy document (redacted of specific ARN data):

CODE:

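    import software.amazon.awssdk.services.kms.model.PutKeyPolicyRequest;
    import software.amazon.awssdk.services.kms.model.PutKeyPolicyResponse;

    // Replace the key policy on the CMK; "default" is the only policy name KMS accepts.
    PutKeyPolicyRequest putKeyPolicyRequest = PutKeyPolicyRequest.builder()
            .keyId(targetKeyId)
            .policy(masterKeyPolicyDocument) // Add JSON document below
            .policyName("default")
            .bypassPolicyLockoutSafetyCheck(true) // skips KMS's key policy lockout safety check
            .build();

    PutKeyPolicyResponse putCreatePolicyResponse = kmsClient.putKeyPolicy(putKeyPolicyRequest); // Error thrown here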

EDITED: Found solution.

It would be REALLY NICE if in the developer guide you published or at least referenced the POLICY schema from the IAM policy in the KMS policy section versus assuming that structure was already known.

Edited by: qdpaul on Aug 10, 2020 10:16 AM

2 Answers
0

After finding the Policy Schema definitions in the IAM user policy guide, I was able to create semantically correct policy JSON.

answered 2 years ago
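
Added example, not part of the original thread and not AWS code: a small pre-flight linter for the situation described above, where a policy passes a JSON lint yet is rejected as malformed. It checks a conservative subset of the IAM policy grammar as it applies to key policies; matching element names by their exact documented spelling is an assumption, and the function names and sample policy are constructed for illustration.

```python
import json

VALID_VERSIONS = ("2012-10-17", "2008-10-17")
STATEMENT_KEYS = {"Sid", "Effect", "Principal", "NotPrincipal", "Action",
                  "NotAction", "Resource", "NotResource", "Condition"}

def _one_of(stmt, a, b, where, errors):
    """Exactly one of a pair such as Action / NotAction must be present."""
    if (a in stmt) == (b in stmt):
        errors.append(f"{where}: needs exactly one of {a} or {b}")

def lint_key_policy(text):
    """Return a list of structural problems; an empty list means none found."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    errors = []
    if "Version" in doc and doc["Version"] not in VALID_VERSIONS:
        errors.append(f"Version: unexpected value {doc['Version']!r}")
    for key in sorted(doc.keys() - {"Version", "Id", "Statement"}):
        errors.append(f"top level: unknown element {key!r}")
    stmts = doc.get("Statement")
    if isinstance(stmts, dict):  # a single statement object is also accepted
        stmts = [stmts]
    if not isinstance(stmts, list) or not stmts:
        return errors + ["Statement: missing, empty, or not an object/array"]
    for i, stmt in enumerate(stmts):
        where = f"Statement[{i}]"
        if not isinstance(stmt, dict):
            errors.append(f"{where}: must be a JSON object")
            continue
        for key in sorted(stmt.keys() - STATEMENT_KEYS):
            errors.append(f"{where}: unknown element {key!r}")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            errors.append(f"{where}: Effect must be 'Allow' or 'Deny'")
        _one_of(stmt, "Principal", "NotPrincipal", where, errors)
        _one_of(stmt, "Action", "NotAction", where, errors)
        _one_of(stmt, "Resource", "NotResource", where, errors)
    return errors

# Constructed sample: valid JSON, but "effect" and "Actions" are not policy elements.
SAMPLE = '''{"Version": "2012-10-17", "Statement": [{"Sid": "Admin", "effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Actions": "kms:*", "Resource": "*"}]}'''

if __name__ == "__main__":
    print("\n".join(lint_key_policy(SAMPLE)) or "no structural problems found")
```

An empty result only means these structural checks passed; KMS can still reject a policy for reasons this linter does not model.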
0

Thank you for the feedback, @qdpaul.

We will take a note to update the guidance in the User Guide.

answered 2 years ago
