MalformedPolicyDocument errors in AWS CloudFormation are resolved with ease with a little guidance from Bobcares.
At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.
Let’s take a look at how our Support Team recently helped a customer resolve “MalformedPolicyDocument” errors in AWS CloudFormation.
What is the MalformedPolicyDocument error in AWS CloudFormation
The “MalformedPolicyDocument” error message is a common occurrence. It often occurs while creating or attempting to update an AWS CloudFormation stack. Fortunately, our Support Team has an easy resolution for this specific issue.
The Validate Template API in AWS CloudFormation validates only the template’s syntax. It does not validate the property values specified for a resource, so a template with a broken policy document can pass validation and still fail when the stack is created or updated.
We come across the “MalformedPolicyDocument” error message when the policy document is syntactically or semantically invalid.
We can resolve this by confirming that the policy document is valid for the resource type it is a part of.
How to resolve MalformedPolicyDocument errors in AWS CloudFormation
According to our Support Techs, the first step is to locate the error message details in the stack events with the following steps:
- First, we will open the AWS CloudFormation console.
- Then, we have to select Stacks in the navigation pane.
- After that, we will navigate to the stack that returned the error and select the Events tab.
- Next, we will search the Status reason column for a message that states the cause of the error.
If we are still not able to identify the cause of the error, our Support Engineer suggests checking the errorMessage property of the CloudTrail event for the operation on the resource type responsible for the error.
For instance, if the error occurs due to an issue in the inline policy attached to an IAM role, we will proceed with the following steps:
- First, we will open the CloudTrail console.
- Then, we have to select Event history from the navigation pane.
- After that, we will head to the Filter search box and choose Event name as the lookup attribute. Then, we have to enter PutRolePolicy in the corresponding text box.
- Next, we will set Time Range to the time shown in the error message.
- Then, we have to select the event in the Event name column.
- Finally, we have to check the value of the errorMessage property for the detailed message in the Event record.
How to validate the policy passed in the CloudTrail event
According to our Support Team, the CloudTrail event for the API-level action that is responsible for the error will contain the resolved policy document. We can locate the resolved policy document and create a new policy in the AWS Management Console for that specific resource to resolve the error.
For instance, if the “MalformedPolicyDocument” error is a result of an inaccurate inline policy attached to an IAM role, we can resolve it with these steps:
- First, we will open the AWS CloudTrail console.
- Then, we have to select Event history from the navigation pane.
- After that, we will head to the Filter search box and choose Event name as the lookup attribute. Then, we have to enter PutRolePolicy in the corresponding text box.
- Next, we will set Time Range to the time shown in the error message.
- Then, we have to select the event in the Event name column.
- After that, we will copy the Policy Document property value under Request parameters from the Event record.
- Remember to remove any “\” escape characters from the policy document with the help of a text editor.
- Next, we will open the IAM console.
- After that, we will select Policies from the navigation pane.
- Then, we have to select Create policy and then the JSON tab.
- In this step, we have to enter the policy document copied from step 6 and then select Review policy.
- Finally, we will read the error message in the red dialogue box. This message gives a detailed explanation of why the policy failed validation.
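The copy, unescape and check steps above can also be done offline against the Event record. This is an added example, not Bobcares or AWS code: the event is a constructed sample, the function names are hypothetical, and the checks cover only a few structural rules for identity-based policies rather than the full validation the IAM console performs.

```python
import json

# Constructed sample: a trimmed CloudTrail record for a failed PutRolePolicy
# call. Role name and error text are made up for illustration.
SAMPLE_EVENT = json.dumps({
    "eventName": "PutRolePolicy",
    "errorMessage": "Policy statement must contain resources.",
    "requestParameters": {
        "roleName": "example-role",
        # The record carries the policy as an escaped JSON string.
        "policyDocument": json.dumps({
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "s3:GetObject"}],
        }),
    },
})

def extract_policy(event_json):
    """Return (errorMessage, parsed policy) from one CloudTrail event record."""
    event = json.loads(event_json)
    raw = event["requestParameters"]["policyDocument"]
    # Parsing the inner string removes the "\" escapes without hand editing.
    policy = json.loads(raw) if isinstance(raw, str) else raw
    return event.get("errorMessage"), policy

def lint_identity_policy(policy):
    """Structural checks for an identity-based policy such as a role inline policy."""
    findings = []
    if "Version" in policy and policy["Version"] not in ("2012-10-17", "2008-10-17"):
        findings.append("Version is not a known policy language version")
    statements = policy.get("Statement")
    if isinstance(statements, dict):  # a single statement object is allowed
        statements = [statements]
    if not statements:
        return findings + ["Statement missing or empty"]
    for i, st in enumerate(statements):
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: Effect must be Allow or Deny")
        if not ({"Action", "NotAction"} & st.keys()):
            findings.append(f"Statement[{i}]: missing Action or NotAction")
        if not ({"Resource", "NotResource"} & st.keys()):
            findings.append(f"Statement[{i}]: missing Resource or NotResource")
        if {"Principal", "NotPrincipal"} & st.keys():
            findings.append(f"Statement[{i}]: Principal is not valid in an identity-based policy")
    return findings

if __name__ == "__main__":
    print(*extract_policy(SAMPLE_EVENT)[:1], lint_identity_policy(extract_policy(SAMPLE_EVENT)[1]))
```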
Conclusion
To sum up, the skilled Support Engineers at Bobcares demonstrated how to resolve “MalformedPolicyDocument” errors in AWS CloudFormation.