Skip to content
This repository has been archived by the owner on Jul 1, 2024. It is now read-only.

Update eks.md #3079

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update eks.md #3079

wants to merge 1 commit into from

Conversation

omidraha
Copy link

Description

Fixed MalformedPolicyDocument error for Python code:

With current python snippet code

assume_role_policy = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Sid": None,
        "Principal": {
            "Service": "ec2.amazonaws.com",
        },
    }],
})

The below MalformedPolicyDocument error raises:

  aws:iam:Role (role1):
    error: 1 error occurred:
    	* creating IAM Role (role1-451c16c): MalformedPolicyDocument: Syntax error at position (1,113)
    	status code: 400, request id: ***

It will be fixed with change Sid argument value from None to the "" an empty string.

Checklist:

  • I have reviewed the style guide.
  • If blogging, I have reviewed the blogging guide.
  • I have manually confirmed that all new links work.
  • I added aliases (i.e., redirects) for all filename changes.
  • If making css changes, I rebuilt the bundle.

@omidraha
Update eks.md
eee0578 
Fixed `MalformedPolicyDocument` error for Python code:

```
  aws:iam:Role (role1):
    error: 1 error occurred:
    	* creating IAM Role (role1-451c16c): MalformedPolicyDocument: Syntax error at position (1,113)
    	status code: 400, request id: ***
```
@cnunciato
Copy link
Member

Nice catch, thanks @omidraha!

cnunciato
cnunciato reviewed Jun 21, 2023
View reviewed changes
themes/default/content/docs/clouds/aws/guides/eks.md
@@ -1311,7 +1311,7 @@ assume_role_policy = json.dumps({
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Sid": None,
"Sid": "",
Copy link
Member

@cnunciato cnunciato Jun 21, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@omidraha Since this property is apparently optional, what do you think about omitting it altogether? When I do that, it looks like the policy gets created successfully (and without a Sid) -- and when I then change the Sid to "", Pulumi detects no changes. Is there a benefit (or maybe a best practice?) to using "" as opposed to just leaving the property out?

Suggested change
"Sid": "",

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the tests related to the library, an empty string has been used as a test case.

You can find an example of this usage at the following link:

https://github.com/pulumi/pulumi-aws/blob/c0dcccb3d7aef5bd661e2f74ec4c5361273d7c12/sdk/python/pulumi_aws/iam/role_policy.py#L191

May be it have been preferred to explicitly include an empty string for clarity in the policy structure.

And also, the record created in the Amazon console will be different.

  • 3079_01
  • 3079_02

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@cnunciato cnunciato cnunciato left review comments

@interurban interurban Awaiting requested review from interurban interurban is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@omidraha @cnunciato