AWS IAM Role "inline_policy.0.policy" contains an invalid JSON policy using $(file xyz) and jsonencode

RyanWC · June 6, 2022, 3:43pm

With only the assume role policy, it works. If I remove the inline the policy, it all validates. When left in, (it looks like this.) It does not validate.

resource "aws_iam_role" "test_role" {
  name   = "my_test_role"
  assume_role_policy = jsonencode("${file("..//Policies//policy_assume_role.json")}")
  inline_policy {
    name = "inline_s3_policy"
    policy = jsonencode("${file("..//Policies//policy_s3_bucket.json")}")
  }
}

Then my policy_s3_bucket.json looks like this

  
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::company-terragrunt-terraform-state-123456789-us-east-1"]
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::company-terragrunt-terraform-state-123456789-us-east-1/*"]
    }
  ]
}

I get - ““inline_policy.0.policy” contains an invalid JSON policy” … but the JSON is valid. My configured user does have access to those buckets. Also, the assume role policy is working without the s3 inline in there. The assume role policy json looks to be the same format, and I’m pulling it in the same fashion.

Topic		Replies	Views
Json syntax iam role policy Terraform	3	672	October 26, 2023
Error: "policy" contains an invalid JSON policy AWS testing , hcp-terraform	0	3391	July 25, 2020
How to use templatefile() as the input of jsonencode() to create an IAM policy? AWS	3	74	September 16, 2024
Issues with Iam_role creation AWS	2	411	January 17, 2023
Terraform Aws Bucket Policy Terraform	0	856	August 5, 2020

AWS IAM Role "inline_policy.0.policy" contains an invalid JSON policy using $(file xyz) and jsonencode

Related topics