Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

“E2507 IAM Policy Documents needs to be JSON” reported for JSON IAM Policy documents

See original GitHub issue

cfn-lint version: (cfn-lint --version)

cfn-lint 0.7.3

Description of issue.

I have some CloudFormation templates which are written in YAML but contain various JSON IAM policies. cfn-lint reports these errors for the files in a working branch listed below:

E2507 IAM Policy Documents needs to be JSON
cloudformation/services/concordia-service/service.yaml:183:19

E2507 IAM Policy Documents needs to be JSON
cloudformation/services/concordia-service/service.yaml:224:19

https://github.com/LibraryOfCongress/concordia/blob/eba167e1bccf4cdd10bda010f6456095061f7dc3/cloudformation/services/concordia-service/service.yaml#L183-L204

https://github.com/LibraryOfCongress/concordia/blob/eba167e1bccf4cdd10bda010f6456095061f7dc3/cloudformation/services/concordia-service/service.yaml#L224-L244

It’s not clear to me what is going on since the JSON is valid and the IAM policy validator doesn’t report any errors.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
kddejongcommented, Oct 26, 2018

We are now parsing the strings and testing them after being parsed.

0reactions
kddejongcommented, Oct 4, 2018

Looks like this is a string. This shouldn’t be a hard fix for that rule. We can accept strings and try to parse them into JSON. Would that make sense @cmmeyer ?

On another note since YAML should take JSON you should be able to just paste in the JSON. So this removes the error too.

PolicyDocument:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:AbortMultipartUpload",
                    "s3:ListMultipartUploadParts",
                    "s3:ListBucket",
                    "s3:ListBucketMultipartUploads",
                    "secretsmanager:GetResourcePolicy",
                    "secretsmanager:GetSecretValue",
                    "secretsmanager:DescribeSecret",
                    "secretsmanager:ListSecretVersionIds"
                ],
                "Effect": "Allow",
                "Resource": "*"
            }
        ]
    }
Read more comments on GitHub >

github_iconTop Results From Across the Web

“E2507 IAM Policy Documents needs to be JSON” reported for ...
“E2507 IAM Policy Documents needs to be JSON” reported for JSON IAM Policy documents #383 ... CFN: Convert embedded policy documents to YAML...
Read more >
The cfn-lint from aws-cloudformation - GithubHelp
Will be created just fine by the Amazon API, but cfn-lint reports: E2507 IAM Policy Documents needs to be JSON test.yaml:7:11 E3002 Property...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Invalid FindInMap does not get picked up

Next page

Support for SourceSecurityGroupId under SecurityGroupEgress in AWS::EC2::SecurityGroup