Teri Radichel


The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument;..)

A very obscure error message for the problem at hand: trying to deploy a CloudFormation stack with a malformed resource


I got this error in a CloudFormation stack which was not very helpful at all.

Legacy parsing? What is that? I thought maybe they had updated the CloudFormation template version when I wasn’t looking but no:

The version is optional and hasn’t been changed. Ever.

I found this post but it too was not helpful at all. It says to look in CloudTrail for more information.

In my latest blog series on automating cybersecurity metrics I explained how to add the error column to CloudTrail event history. CloudTrail doesn’t report this error at all.

As it turns out, in this particular case, I had a resource where I was trying to use AWS pseudo parameters, but I forgot to add a “Sub” in front of the resource:

Should have been this:

Perhaps the AWS parser could identify that the string contains ${ and there is no Sub or any other command at the beginning of the value and report a better error message.
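A pre-deployment check along those lines, as an added example that is not code from the original post or from AWS: it walks a template and reports strings that contain a CloudFormation placeholder (a pseudo parameter, a parameter, or a resource name) outside of Fn::Sub, while leaving IAM policy variables such as ${aws:username} alone. It assumes the template is in JSON form and already loaded into a dict; `find_unsubstituted`, `policy` and `SAMPLE` are hypothetical names and the template is constructed.

```python
import re

# Matches ${AWS::Region}, ${TableName}, ${MyRole.Arn}. IAM policy variables
# such as ${aws:username} use a single colon and are deliberately not matched.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z0-9]+(?:::[A-Za-z0-9]+)*)(?:\.[A-Za-z0-9.]+)?\}")

def find_unsubstituted(template):
    """Return (path, value) for strings that need Fn::Sub but do not have it."""
    known = set(template.get("Parameters", {})) | set(template.get("Resources", {}))
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                if key != "Fn::Sub":  # CloudFormation resolves placeholders here
                    walk(value, f"{path}/{key}")
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, f"{path}/{index}")
        elif isinstance(node, str):
            names = PLACEHOLDER.findall(node)
            if any(n.startswith("AWS::") or n in known for n in names):
                findings.append((path, node))

    walk(template.get("Resources", {}), "Resources")
    return findings

def policy(resource):
    # Helper that builds a constructed IAM managed policy around one Resource value.
    statement = {"Effect": "Allow", "Action": "s3:GetObject", "Resource": resource}
    return {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [statement]}}}

# Constructed sample template, not the template from the post.
ARN = "arn:aws:s3:::${BucketName}-${AWS::AccountId}/*"
SAMPLE = {
    "Parameters": {"BucketName": {"Type": "String"}},
    "Resources": {
        "MissingSub": policy(ARN),                # sent to IAM verbatim
        "WithSub": policy({"Fn::Sub": ARN}),      # resolved before IAM sees it
        "PolicyVariable": policy("arn:aws:s3:::example-bucket/${aws:username}/*"),
    },
}

if __name__ == "__main__":
    for path, value in find_unsubstituted(SAMPLE):
        print(f"{path}: contains ${{...}} but is not wrapped in Fn::Sub -> {value}")
```

YAML templates that use the !Sub short form need a loader that understands CloudFormation tags before a check like this can run on them.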

I wrote about a similar MalformedPolicyDocument error here:


Teri Radichel | © 2nd Sight Lab 2022
