Terraform-provider-aws: Error: "policy" contains an invalid JSON: invalid character '}' looking for beginning of object key string

Created on 27 Aug 2019 · 11 Comments · Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @LennyCastaneda as hashicorp/terraform#22600. It was migrated here as a result of the provider split. The original body of the issue is below._


Terraform Version

0.12.6

Terraform Configuration Files

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Access-from-specific-VPCE-only",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListBucket"
            ],
            "Resource": [ 
                "arn:aws:s3:::${s3_bucket}${aws_environment}",
                "arn:aws:s3:::${s3_bucket}${aws_environment}/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpc": "${security_vpc_endpoint}"
                }
            }
        },
        {
            "Sid": "Accept Any Principal Access From within Prod AWS Account",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::00000000000:role/FedCwatchRead",
                    "arn:aws:iam::00000000000:role/admin"
                ]
            },
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListBucket"
            ],
            "Resource": [ 
                "arn:aws:s3:::${s3_bucket}${aws_environment}",
                "arn:aws:s3:::${s3_bucket}${aws_environment}/*"
            ]
        }
    ]
}

needs-triage

All 11 comments

Experiencing this as well:

$ terraform --version
Terraform v0.12.13

  • provider.aws v2.36.0

I am also getting this:
[screenshot]

Seems like a Terraform bug, but the bot tagged it as an AWS cloud issue.

My workaround was removing the extra line referencing the bucket.

Not sure if it's the same issue, but the way I was giving the IP ranges for the condition gave me the same error. I've fixed it like this:
"aws:SourceIp": ["${join("\",\"", aws_subnet.private.*.cidr_block)}"]

@LennyCastaneda I suggest you create a `*.json` file and paste your policy in there, using vim, so you can validate whether it's valid JSON.

It's valid JSON...no doubt. It works when pasted directly into an IAM policy in the AWS console, but Terraform doesn't like it.

I have the same issue.

I am able to create a resource with the following content:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

When I change the Action to:

"Action": [
        "ec2:AttachVolume",
        "ec2:AuthorizeSecurityGroupIngress",
],

it produces the error: `Error: "policy" contains an invalid JSON: invalid character ']' looking for beginning of value`

Version

Terraform v0.12.24

  • provider.aws v2.63.0

@JayMaree I think your error is here:

"Action": [
        "ec2:AttachVolume",
        "ec2:AuthorizeSecurityGroupIngress", <- this last comma makes "]" invalid
],

I had the same issue which brought me here but mine was just a pythonic way of writing json :P
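The trailing-comma diagnosis in the comment above, and the list-rendering workaround posted earlier for `aws:SourceIp`, both come down to the same thing: Terraform hands the policy string to Go's strict JSON parser, which rejects anything the AWS console's editor would silently tolerate. The following script is an added example (mine, not code from the issue or from the provider) that reproduces the failure offline with Python's equally strict `json` module, reports where the parser stopped and whether a trailing comma is the cause, and, once the document parses, runs a couple of structural and security checks on the statements. The sample policy embedded in it is constructed for the example; the function names `diagnose_policy`, `lint_statements` and `source_ip_condition` are my own.

```python
import json
from typing import Any, Dict, List

# Constructed sample (not from the issue): the "Action" list quoted above with the
# trailing comma that Go's encoding/json, which Terraform uses, rejects. Python's
# json module is equally strict, so it reproduces the failure offline.
BROKEN_POLICY = """{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AttachVolume",
                "ec2:AuthorizeSecurityGroupIngress",
            ],
            "Resource": "*"
        }
    ]
}"""

# The same document with the trailing comma removed.
FIXED_POLICY = BROKEN_POLICY.replace(
    '"ec2:AuthorizeSecurityGroupIngress",', '"ec2:AuthorizeSecurityGroupIngress"'
)


def diagnose_policy(text: str) -> Dict[str, Any]:
    """Parse a policy document strictly and, on failure, locate the problem.

    Returns {"ok": True, "policy": dict} on success, otherwise
    {"ok": False, "line": n, "column": n, "message": str, "trailing_comma": bool}.
    """
    try:
        return {"ok": True, "policy": json.loads(text)}
    except json.JSONDecodeError as exc:
        # exc.pos is the offset of the character the parser choked on. If the last
        # non-whitespace character before it is a comma and the character itself
        # closes a list or object, the culprit is a trailing comma.
        preceding = text[:exc.pos].rstrip()
        closing = text[exc.pos:exc.pos + 1]
        return {
            "ok": False,
            "line": exc.lineno,
            "column": exc.colno,
            "message": exc.msg,
            "trailing_comma": preceding.endswith(",") and closing in ("]", "}"),
        }


def lint_statements(policy: Dict[str, Any]) -> List[str]:
    """Cheap structural and security checks on a parsed policy.

    The security check flags what a bucket policy author most needs to notice:
    an Allow to Principal "*" with no Condition, which makes the bucket public.
    """
    findings: List[str] = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written unwrapped
        statements = [statements]
    for i, st in enumerate(statements):
        sid = st.get("Sid", f"Statement[{i}]")
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{sid}: Effect must be Allow or Deny")
        if "Action" not in st and "NotAction" not in st:
            findings.append(f"{sid}: missing Action/NotAction")
        principal = st.get("Principal")
        anonymous = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*"
        )
        if st.get("Effect") == "Allow" and anonymous and "Condition" not in st:
            findings.append(f"{sid}: Allow to Principal '*' without a Condition (public access)")
    return findings


def source_ip_condition(cidrs: List[str]) -> str:
    """Render a list of CIDRs as a proper JSON array for aws:SourceIp.

    Serialising the list with json.dumps, instead of string-joining quoted
    pieces as in the workaround quoted earlier in the thread, is what
    Terraform's jsonencode() does for you.
    """
    return json.dumps({"IpAddress": {"aws:SourceIp": cidrs}})


if __name__ == "__main__":
    for label, doc in (("broken", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        result = diagnose_policy(doc)
        if result["ok"]:
            print(label, "parses; findings:", lint_statements(result["policy"]))
        else:
            print(label, f"line {result['line']} col {result['column']}: {result['message']}",
                  "(trailing comma)" if result["trailing_comma"] else "")
    print(source_ip_condition(["10.0.0.0/24", "10.0.1.0/24"]))
```

Run it on the broken sample and it stops at the `]` on the line after the last action, marking the trailing comma; a `,` before a closing `}` is caught the same way, which is the shape of the error in the issue title. In Terraform the more robust fix is to not hand-write the JSON at all: build the policy with the `aws_iam_policy_document` data source or `jsonencode()` on an HCL object, so the provider emits strict JSON and list-valued conditions never go through string interpolation.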

Had same issue, just want to clarify that solution above (quite helpful btw, thank you) is referring to the last _comma_, not the colon.

To me, we should be able to put a last colon even on the latest record of a list, like in any other programming language...

Having the same issue with this JSON. I validated it and can paste it into the bucket policy in the console without issue, but Terraform does not like it.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DelegateS3Access",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::000000000000:role/someuser"
        },
        "Action": ["s3:ListBucket", "s3:GetObject"],
        "Resource": [
            "arn:aws:s3:::bucket/*",
            "arn:aws:s3:::bucket"
        ]
    }]
}

Getting this error:
[screenshot]
