By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Missing required field Principal

0

Bellow is what I have to to create an IAM role using terraform. Whenever I init it says that I am missing a field principal? Where/What am I missing?

resource "aws_iam_role" "role_identifier" { name = var.role_name assume_role_policy = jsonencode({ Version = "2012-10-17", #policy language version Statement = [ { Action = "sts:AssumeRole", #Allows role to be assumed Effect = "Allow" Sid = "" Principal = { Service = "ec2.amazonaws.com" } }, { Action = "AssumeRole", Effect = "Allow" } ] }) }

Topics
ComputeSecurity, Identity, & Compliance
Tags
Amazon EC2IAM PoliciesTerraform
Language
English
DMaras
asked 6 months ago672 views
2 Answers
3
Accepted Answer

This should do it

resource "aws_iam_role" "role_identifier" {
  name = var.role_name

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}
profile picture
EXPERT
Gary Mclean
answered 6 months ago
0

Hi,

Your policy contains two statements. The first part has Principal but the second part only has the following:

{ Action = "AssumeRole", Effect = "Allow" }

This second part needs to be cleaned up as it looks like it is not required.

profile pictureAWS
Feng_C
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content