Syntax error in policy, while running 'iam create-policy', but there is no syntax mistake



I'm trying to create a "revoke" session policy for an IAM user using the command aws iam create-policy --policy-name "revoke-session" --policy-document JSON.json. The content of JSON.json is:

    {
      "Version": "2012-10-17",
      "Statement": {
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {"DateLessThan": {"aws:TokenIssueTime": "2022-03-23T15:30:00Z"}}
      }
    }

But if I run the command, it says: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.

If I create the exact same policy through the AWS console, everything works!

So, I'm confused, what can be wrong?

1 Answer
Accepted Answer

--policy-document, by default, takes the actual JSON content of the policy. To have the CLI read the content from a file, modify your command to use: --policy-document file://JSON.json.

(As issued, your command is passing JSON.json as the body of the policy document, which is why the service rejects it.)

AWS
answered 2 years ago
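
A local pre-flight check for the situation in the answer above, added here as an example (not code from the question, the answer, or the AWS CLI): it models the file:// handling in simplified form and checks that the resulting body is a JSON policy before create-policy is called. The function names resolve_policy_argument and preflight are hypothetical, and the sample policy is constructed from the one in the question.

```python
import json
import os

# Constructed sample: the policy from the question, as a JSON string.
REVOKE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Deny", "Action": "*", "Resource": "*",
        "Condition": {"DateLessThan": {"aws:TokenIssueTime": "2022-03-23T15:30:00Z"}},
    },
})


def resolve_policy_argument(value):
    """Model of the behaviour in the answer: file:// means read the file,
    anything else is sent verbatim as the policy body (simplified)."""
    if value.startswith("file://"):
        with open(value[len("file://"):], encoding="utf-8") as fh:
            return fh.read()
    return value


def preflight(value):
    """Return problems found locally; an empty list means none were found."""
    body = resolve_policy_argument(value)
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        hint = ""
        if os.path.isfile(value):
            hint = f"; {value!r} exists on disk, use file://{value}"
        return [f"policy body is not JSON ({exc.msg}){hint}"]
    if not isinstance(doc, dict) or "Statement" not in doc:
        return ["policy must be a JSON object with a Statement element"]
    statements = doc["Statement"]
    if isinstance(statements, dict):  # a single statement object is allowed
        statements = [statements]
    if not isinstance(statements, list):
        return ["Statement must be an object or a list of objects"]
    problems = []
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            problems.append(f"statement {i}: not a JSON object")
        elif stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"statement {i}: Effect must be Allow or Deny")
        elif not {"Action", "NotAction"} & stmt.keys():
            problems.append(f"statement {i}: missing Action or NotAction")
    return problems
```

This only catches problems that are visible locally; the service's own validation of the policy still applies when create-policy runs.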
