Teri Radichel

The provided policy document does not meet the requirements of the specified policy type.

Vague error message trying to deploy an SCP


Here we have, yet again, an error message that is absolutely useless as far as troubleshooting the error at hand. I’m trying to deploy a policy and the error message I get back due to a failure is:

Resource handler returned message: The provided policy document does not meet the requirements of the specified policy type.

I’m deploying a policy. It failed. This error message pretty much tells me what I already know. There’s something wrong with the policy.

Once again I refer to this post:

The first thing I changed was that I was testing YAML, but the documentation only refers to JSON at the moment. I changed back to JSON.

I also realized that I had written a few actions with a period in the name like this:

ec2.*

instead of this:

ec2:*

Why I continue to try to write AWS policies with periods instead of colons in the resources to this day I’ll never know. Note to self. Stop doing that!

On the next run I got this error because I forgot the curly braces around the whole policy:

while parsing a block mapping
  in "<unicode string>", line 17, column 7:
          Name: !Ref NameParam
          ^ (line: 17)
expected <block end>, but found ']'
  in "<unicode string>", line 49, column 10:
             ]
             ^ (line: 49)

Back to the error above. After trying numerous changes, I took a very simple policy I know works and changed it to the name of the policy I am trying to create. I started changing one line at a time. That way I could find the offending line.

Initially I only added the one working statement, which was a deny all, and I changed it to deny only one policy. That worked.

Then I added a second statement block. I had a small plethora of problems with curly braces. Essentially they need to look like this for two blocks, but you might have elements with curly braces inside these curly braces…

{
  [
    {
    },
    {
    }
  ]
}

Also, I added a condition and the format was wrong.

After fixing all that it finally deployed.

Next I added in my full list of actions. I had my initial action in quotes. The actions I added were not. That caused the update to fail. I put quotes around all those and then it worked again.

You get the same error for everything, so it’s not helpful at all. Best thing is to start with something that works and make one small change at a time. Also, I scrutinized the documentation and examples character by character to see what mistakes I was making.
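
The mistakes described in this post can be caught locally, with a specific message for each, before the policy is deployed. The linter below is an added example, not code from the original post and not AWS's own validator; the function name `lint_scp`, the action pattern and the sample policy are assumptions made for illustration, and it checks only the kinds of mistakes named above.

```python
import json
import re

# "*" alone, or service:action such as ec2:* or s3:GetObject (assumed pattern)
ACTION_RE = re.compile(r"^(\*|[A-Za-z0-9-]+:[A-Za-z0-9*?]+)$")

def lint_scp(text):
    """Return a list of specific problems found in an SCP JSON document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as e:
        # Missing outer braces, unquoted actions and stray brackets land here
        return [f"invalid JSON at line {e.lineno}, column {e.colno}: {e.msg}"]
    if not isinstance(doc, dict):
        return ["policy must be a single JSON object wrapped in { }"]
    stmts = doc.get("Statement")
    if isinstance(stmts, dict):
        stmts = [stmts]  # single statement object tolerated (assumption)
    if not isinstance(stmts, list) or not stmts:
        return ['"Statement" must be an object or a non-empty list of objects']
    problems = []
    for i, s in enumerate(stmts):
        if not isinstance(s, dict):
            problems.append(f"Statement[{i}] is not an object")
            continue
        if s.get("Effect") not in ("Allow", "Deny"):
            problems.append(f'Statement[{i}]: "Effect" must be "Allow" or "Deny"')
        actions = s.get("Action", s.get("NotAction"))
        if isinstance(actions, str):
            actions = [actions]
        if not isinstance(actions, list):
            problems.append(f'Statement[{i}]: "Action" must be a string or a list')
            actions = []
        for a in actions:
            if not isinstance(a, str) or not ACTION_RE.match(a):
                problems.append(f"Statement[{i}]: action {a!r} is not service:action")
        cond = s.get("Condition")
        if cond is not None and not (
            isinstance(cond, dict) and all(isinstance(v, dict) for v in cond.values())
        ):
            problems.append(f'Statement[{i}]: "Condition" must be operator -> key -> value')
    return problems

# Constructed sample with the period-for-colon mistake from this post
SAMPLE = '{"Version": "2012-10-17", "Statement": [{"Effect": "Deny", "Action": ["ec2.*"], "Resource": "*"}]}'

if __name__ == "__main__":
    for problem in lint_scp(SAMPLE):
        print(problem)
```

Run it against the JSON policy text on its own, before embedding that text in the CloudFormation template.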

Better error messages please! Need a better policy parser. #awswishlist

This error message popped up again here and I wasted a TON of time on it.

Teri Radichel | © 2nd Sight Lab 2023