MalformedPolicyDocument error while creating an IAM Policy - json

I'm trying to create a managed policy by AWS CLI:
POLICY='
{
    "Version":"2012-10-17",
    "Statement":
    [{
        "Effect":"Allow",
        "Action":
        [
            "cloudformation:*"
        ],
        "Resource":"*"
    },
    {
        "Effect":"Deny",
        "Action":
        [
            "cloudformation:UpdateStack",
            "cloudformation:DeleteStack"
        ],
        "Resource": "'${arn}'"
    }]
}'
# Create policy if not already created
[ $(aws iam list-policies | grep -ce CloudFormation-policy-${StackName}) -eq 0 ] && (aws iam create-policy --policy-name CloudFormation-policy-${StackName} --policy-document "'${POLICY}'")
When I run the script I get this error:
An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.
I can't figure out where the error is.
Any idea?

Each operating system has its own way of treating single-quote vs. double-quote escaping and, as per the AWS CLI documentation:
When passing in large blocks of data, you might find it easier to save
the JSON to a file and reference it from the command line. JSON data
in a file is easier to read, edit, and share with others.
The Quoting Strings approach might not be the best choice when passing JSON data; instead, use the Loading parameters from file approach.
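
An added example (not part of the original post or the AWS documentation) of the file-based approach recommended above; it also shows why the question's `"'${POLICY}'"` argument is rejected. The ARN, the policy name and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). ARN and names are constructed.

# Emit the policy document for one stack ARN on stdout.
render_policy() {
    case $1 in
        *\"*|*\\*) echo "ARN contains a quote or backslash" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": ["cloudformation:*"], "Resource": "*" },
    { "Effect": "Deny",
      "Action": ["cloudformation:UpdateStack", "cloudformation:DeleteStack"],
      "Resource": "$1" }
  ]
}
EOF
}

# First character of a string; a JSON policy document has to start with "{".
first_char() { printf '%.1s' "$1"; }

# The argument the question's script builds: "'${POLICY}'" keeps the inner
# single quotes as literal characters, so the service sees '{...}' not {...}.
broken_argument() { printf '%s' "'$(render_policy "$1")'"; }

# Write the document to a private temp file and print its file:// argument.
policy_file_argument() {
    f=$(mktemp) || return 1
    render_policy "$1" > "$f" || { rm -f "$f"; return 1; }
    printf 'file://%s' "$f"
}

# Create the policy only when no customer-managed policy has that exact name.
create_policy_once() {   # $1 = policy name, $2 = stack ARN
    n=$(aws iam list-policies --scope Local --output json \
          --query "length(Policies[?PolicyName=='$1'])") || return 1
    [ "$n" -eq 0 ] || return 0
    arg=$(policy_file_argument "$2") || return 1
    aws iam create-policy --policy-name "$1" --policy-document "$arg"
    rc=$?
    rm -f "${arg#file://}"
    return "$rc"
}
```

Matching the exact policy name in the `--query` expression also avoids the substring matches that `grep -c` on the full listing can produce.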

Related

how to replace existing policy with json file using AWS cli?

I'm trying to update the policy on one of my API Gateway APIs using the AWS CLI, for automation purposes. When I pass the policy JSON directly in the command it succeeds, but when I try to execute it pointing to a JSON file, it gives errors:
aws apigateway update-rest-api --rest-api-id cyasdze47d --patch-operations op=replace,path=/policy,value="file://foo.json"
error :
An error occurred (BadRequestException) when calling the UpdateRestApi operation: Invalid policy document. Please check the policy syntax and ensure that Principals are valid.
foo.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:eu-west-1:123345455:cyxxxxxd/test1/*"
        }
    ]
}
Can anyone help me on how to replace existing policy with json file using AWS cli ?
Thanks
You must stringify your policy first, as shown in the docs.
strinfigied=$(jq tostring foo.json)
aws apigateway update-rest-api --rest-api-id cyasdze47d --patch-operations op=replace,path=/policy,value=${strinfigied}

Amazon ASK CLI Alexa Update Skill not working

I've created an Alexa skill based on the Hello World template using the ASK CLI. The skill is called demo-skill. I want to use the ask api update-skill command to update the skill to reflect local changes that I've made to the en-US.json file in the demo-skill project structure. This is the command I'm using:
ask api update-skill --skill-id <my skill id> --file <my working directory>/demo-skill/models/en-US.json
This is the error I'm receiving:
Call update-skill error.
Error code: 400
{
    "message": "Skill manifest is not valid.",
    "violations": [
        {
            "code": "INVALID_REQUEST_PARAMETER",
            "message": "Instance at property path \"$\" has an invalid number of properties. Actual properties: 0, Minimum properties: 1",
            "validationDetails": {
                "originalInstance": {
                    "propertyPath": "$",
                    "type": "BODY"
                },
                "reason": {
                    "actualProperties": 0,
                    "minimumProperties": 1,
                    "type": "INVALID_NUMBER_OF_PROPERTIES"
                }
            }
        }
    ]
}
Can someone please explain what parameter is missing here and how can I update a skill using the CLI if what I'm doing is wrong?
The command you are using is to update the schema of the skill, vs the interaction model.
The corollary to 'get' the schema is:
ask api get-skill -s {skill_id} --stage development > skill.json
If you turn around and put the output of that command into your command:
ask api update-skill --skill-id <my skill id> --file skill.json
you should find that the command executes successfully.
You may be looking for:
ask api update-model <-s|--skill-id <skillId>> <-f|--file <fileName>> <-l|--locale <locale>> [-g|--stage <stage>] [-d|--description <description>] [-p|--profile <profile>] [--debug]
Here are the docs for that:
ASK CLI command reference

JSON formatting error which is hard to understand

I am sending the following valid JSON as a message via MQTT to a device :
{
    "devices": [
        {
            "known": true,
            "local": false,
            "eep": "MSC_V3_PRESSAC_20",
            "id": "01:96:23:83",
            "O_nominalVoltage": 120
        }
    ],
    "uuid": "821ca781-dd98-4531-8391-19d4e4da2c96"
}
but I receive the following error back :
"Handling command: org.json.JSONException: Expected a ',' or '}' at character 62 of {devices:[{known:true,local:false,eep:MSC_V3_PRESSAC_20,id:01:96:23:83,O_nominalVoltage:120}],uuid:821ca781-dd98-4531-8391-19d4e4da2c96}"
}
Can anyone see anything wrong with this? I don't understand why there is a problem with character 62.
For more information, I am sending the message via the mosquitto_pub command when publishing to an MQTT topic on a remote device.
My device is running Java code which uses the Java Paho libraries. I am using the AWS IoT MQTT broker.

Unable to parse json string in aws cli to add notification configuration to s3 bucket

I am trying to add an SNS topic to an S3 bucket, and I am using the AWS CLI command to apply a notification configuration to an S3 bucket called 'test'.
I am passing the SNS topic configuration as a JSON string, and when I print the JSON string it prints the JSON value correctly, but somehow the AWS CLI adds commas to the JSON string.
inputevent.sh:
#!/bin/bash
bucketName=test
jsonInput=file:///Users/ish/GitLabProject/validator-cf/inputevent.json
QueueArn="arn:aws:sns:us-east-1:255353535355:SNSTopic"
template='{ "TopicConfigurations": { "Event": "s3:ObjectCreated:*", "Queue": "%s" } }'
TopicConfiguration=$(printf "$template" "$QueueArn")
echo "$TopicConfiguration"
aws s3api put-bucket-notification-configuration --bucket $bucketName --notification-configuration $TopicConfiguration
Error:
{ "TopicConfigurations": { "Event": "s3:ObjectCreated:*", "Queue": "arn:aws:sns:us-east-1:255353535355:SNSTopic" } }
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
Unknown options: {, "Event":, "s3:ObjectCreated:*",, "Queue":, "arn:aws:sns:us-east-1:255353535355:SNSTopic", }, }, "TopicConfigurations":
Check your template variable.
Based on the docs, the TopicConfigurations in the --notification-configuration should be an array (since you can have multiple notifications)
Try updating the template variable in your bash script to something like
template='{ "TopicConfigurations": [{ "Event": "s3:ObjectCreated:*", "Queue": "%s" }] }'
You can check the examples to get a better idea.

Error using put-group-policy with cli-input-json

I am trying to create a policy for a group by using cli-input-json, providing JSON as input to the CLI command.
The command is
aws iam put-group-policy --cli-input-json file://D:\\json\\demo\\json
grpPolicy_testpolicy1.json
which gives following error
A client error (MalformedPolicyDocument) occurred when calling the PutGroupPolicy operation: The policy is not in the valid JSON format.
The content of json file at D:\json\demo\json
grpPolicy_testpolicy1.json is
{
    "GroupName": "testgroup11",
    "PolicyName": "testpolicy11",
    "PolicyDocument": "file://D:\\json\\policypermission.txt"
}
The content of policy document file at D:\json\
policypermission.txt is
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "uploadandgetfromS3",
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:CreateObject",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:PutBucketAcl",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "rds:DescribeDBLogFiles",
                "rds:DownloadDbLogFilePortion"
            ],
            "Resource": "*"
        }
    ]
}
I have verified that all the JSON files are valid JSON, but the AWS CLI still says that the policy document is malformed.
I have also created and attached the above policy by using the normal CLI command to confirm the validity of the policy document, and that worked fine.
{
    "GroupName": "testgroup11",
    "PolicyName": "testpolicy11",
    "PolicyDocument": "file://D:\\json\\policypermission.txt"
}
While this would make sense conceptually, I think the AWS Command Line Interface (AWS CLI) doesn't support inline/nested references to URLs like file:// here, rather only as a command line argument, e.g.:
aws iam put-group-policy --cli-input-json file://D:\\json\\demo\\json \
grpPolicy_testpolicy1.json --policy-document file://D:\\json\\policypermission.txt
This works, because command line arguments take precedence over those specified as CLI Input JSON Parameters. However, once you do not specify the overriding --policy-document, the JSON parser trips over the inline PolicyDocument element, where it expects an inline JSON object but encounters the URL file://D:\\json\\policypermission.txt instead.