Jsonencode and aws

Hi there,
I have been working with the AWS provider and have run into trouble when it comes to AWS expecting a variable to be a String that has valid JSON format.
First I couldn’t figure out how to get the syntax correct for required-tags - AWS Config
In the end, this is the only construct that worked

input_parameters = tostring(jsonencode("{\"tag1Key\":\"Terraform\",\"tag2Key\":\"Team\",\"tag3Key\":\"Environment\",\"tag4Key\":\"ServiceHours\",\"tag5Key\":\"Confidentiality\",\"tag6Key\":\"Approver\"}"))

My recent troubles are with Tag policy syntax and examples - AWS Organizations

where I used
content = <<CONTENT
“tags”: {
“Terraform”: {
“tag_key”: {
“@@assign”: “Terraform”,
“@@operators_allowed_for_child_policies”: ["@@none"]
“Team”: {
“tag_key”: {
“@@assign”: “Team”,
“@@operators_allowed_for_child_policies”: ["@@none"]

which results in a
Error: error creating Organizations Policy (tag-policy): MalformedPolicyDocumentException: The provided policy document does not meet the requirements of the specified policy type.

` on 06_tag_policies.tf line 3, in resource "aws_organizations_policy" "tag-policy":`

` 3: resource "aws_organizations_policy" "tag-policy" {`


I am really doubting myself. Am I doing something wrong? Shouldn’t the jsonencode() function work like a charm here? Especially since Terraform applies this function automagically? (I can see that it uses it during a terraform plan)

Any help regarding working with “aws expects string in JSON format” with Terraform would be greatly appreciated, since I didn’t find any examples online.

Ok I found out that the issue was simply that I didn’t set

type = “TAG_POLICY”

That did the trick, since the default type is SCP_POLICY, which has a different syntax then TAG_POLICY