AWS create role - Has prohibited field

Question

I am trying out a simple example suggested by AWS documentation to create a role using a policy json file http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html And I get the error A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource Here's the command, >> aws iam create-role --role-name test-service-role --assume-role-policy-document file:///home/ec2-user/policy.json A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource The policy is the exact same as the one mentioned in the example >> cat policy.json { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example_bucket" } My version seems to be up to date >> aws --version aws-cli/1.9.9 Python/2.7.10 Linux/4.1.10-17.31.amzn1.x86_64 botocore/1.3.9 Select the correct answer from above options

Answer 1

For this, you would need to create a trust relationship policy. { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole" } Use this trust relationship policy document. This is not a normal policy document, you have to provide this in the trust relationship tab available in roles. If you wish to know more about this online storage solution by amazon, you can read Amazon S3.