'MalformedPolicyDocument error while trying to create IAM user with policy permissions

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SrcBucket",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::<s3-bucketname>"]
        }
    ]
}

I am using a script in ansible to create IAM user with the above policy permissions.

I can use the same policy document in aws console and create the policy, without any issue. But when I trying doing the same with the ansible script. I get the following Error.

    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.errorfactory.MalformedPolicyDocumentException: An error occurred (MalformedPolicyDocument) when calling the PutUserPolicy operation: Syntax errors in policy.
[DEPRECATION WARNING]: The skip_duplicates behaviour has caused confusion and will be disabled by default in Ansible 2.14. This feature will be removed from community.aws in a release after 2022-06-01. Deprecation warnings can be disabled by setting 
deprecation_warnings=False in ansible.cfg.
fatal: [localhost]: FAILED! => changed=false 
  boto3_version: 1.18.18
  botocore_version: 1.21.18
  error:
    code: MalformedPolicyDocument
    message: Syntax errors in policy.
    type: Sender
  msg: 'An error occurred (MalformedPolicyDocument) when calling the PutUserPolicy operation: Syntax errors in policy.'
  response_metadata:
    http_headers:
      connection: close
      content-length: '279'
      content-type: text/xml
      date: Tue, 15 Feb 2022 16:38:04 GMT
      x-amzn-requestid: 1261725a-253d-4ddb-9452-66978bd88092
    http_status_code: 400
    request_id: 1261725a-253d-4ddb-9452-66978bd88092
    retry_attempts: 0

In fact I copied back the policy created on aws console to make sure this was not an issue with white spaces. I also validated the doc against a json validator. I have confirmed that the arn for the s3 bucket is the one I have listed in resource. That didn't seem to help. Any suggestions would be greatly appreciated. thanks

amazon-iamaws-policies


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function