Bobcares

MalformedPolicyDocument errors in AWS CloudFormation | How to resolve

by | Nov 29, 2021

MalformedPolicyDocument errors in AWS CloudFormation are resolved with ease with a little guidance from Bobcares.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team recently helped a customer resolve “MalformedPolicyDocument” errors in AWS CloudFormation.

What is the MalformedPolicyDocument error in AWS CloudFormation

The “MalformedPolicyDocument” error message is a common occurrence. It often occurs while creating or attempting to update an AWS CloudFormation stack. Fortunately, our Support Team has an easy resolution for this specific issue.

The ValidateTemplate API in AWS CloudFormation validates only the template’s syntax. It does not validate the property values specified for a resource, so a template with a bad policy document can pass validation and still fail when the stack is created or updated.

We come across the “MalformedPolicyDocument” error message when the policy document is syntactically or semantically incorrect.

We can resolve this by confirming the policy document is valid for the resource type it is a part of.

How to resolve MalformedPolicyDocument errors in AWS CloudFormation

According to our Support Techs, the first step is to locate the error message details in the stack events with the following steps:

  1. First, we will open the AWS CloudFormation console.
  2. Then, we have to select Stacks in the navigation pane.
  3. After that, we will navigate to the stack that returned the error and select the Events tab.
  4. Next, we will search the Status reason column for a message that states the cause of the error.

If we are still not able to identify the cause of the error, our Support Engineer suggests checking the errorMessage property of the CloudTrail event for the operation on the resource type responsible for the error.

For instance, if the error occurs due to an issue in the inline policy attached to an IAM role, we will proceed with the following steps:

  1. First, we will open the CloudTrail console.
  2. Then, we have to select Event history from the navigation pane.
  3. After that, we will head to the Filter search box and choose Event name as the lookup attribute. Then, we have to enter PutRolePolicy in the corresponding text box.
  4. Next, for Time range, we will set the time of the CloudTrail event to the time we see in the error message.
  5. Then, we have to select the event in the Event name column.
  6. Finally, we have to check the value of the errorMessage property for the detailed message in the Event record.

How to validate the policy passed in the CloudTrail event

According to our Support Team, the CloudTrail event for the API-level action that is responsible for the error will contain the resolved policy document. We can locate the resolved policy document and create a new policy in the AWS Management Console for that specific resource to resolve the error.

For instance, if the “MalformedPolicyDocument” error is a result of an inaccurate inline policy attached to an IAM role, we can resolve it with these steps:

  1. First, we will open the AWS CloudTrail console.
  2. Then, we have to select Event history from the navigation pane.
  3. After that, we will head to the Filter search box and choose Event name as the lookup attribute. Then, we have to enter PutRolePolicy in the corresponding text box.
  4. Next, for Time range, we will set the time of the CloudTrail event to the time we see in the error message.
  5. Then, we have to select the event in the Event name column.
  6. After that, we will make a copy of the Policy Document property value under Request parameters from the Event record.
  7. Remember to remove any “\” escape characters from the policy document with the help of a text editor.
  8. Next, we will open the IAM console.
  9. After that, we will select Policies from the navigation pane.
  10. Then, we have to select Create policy followed by the JSON tab.
  11. In this step, we have to enter the policy document copied in step 6 and then select Review policy.
  12. Finally, we will read the error message in the red dialogue box. This message offers a detailed explanation of why the policy failed validation.
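Steps 6 and 7 can also be done in code. The following is an added example, not part of the original article: it decodes the policy document from a CloudTrail event record and runs a few structural checks on it before it is pasted into the IAM console. The event record, role and policy names, error message text and function names are constructed for illustration.

```python
import json

# Constructed CloudTrail record for a failed PutRolePolicy call (sample data,
# not from the page). policyDocument is itself a JSON-encoded string, which is
# where the "\" escape characters come from.
SAMPLE_EVENT = json.dumps({
    "eventName": "PutRolePolicy",
    "errorMessage": "Policy document should not specify a principal.",
    "requestParameters": {
        "roleName": "example-role",
        "policyName": "example-inline-policy",
        "policyDocument": json.dumps({
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                           "Action": "s3:GetObject"}],
        }),
    },
})

def extract_policy(event_json):
    """Return (errorMessage, decoded policy) from a CloudTrail event record."""
    event = json.loads(event_json)
    raw = event["requestParameters"]["policyDocument"]
    # A second JSON decode removes the escapes; no hand editing needed.
    return event.get("errorMessage"), json.loads(raw)

def lint_identity_policy(policy):
    """Basic structural checks for an identity-based (inline role) policy."""
    findings = []
    if policy.get("Version", "2012-10-17") not in ("2012-10-17", "2008-10-17"):
        findings.append("Version is not a valid policy language version")
    statements = policy.get("Statement")
    if isinstance(statements, dict):
        statements = [statements]
    if not isinstance(statements, list) or not statements:
        return findings + ["Statement missing or empty"]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: Effect must be Allow or Deny")
        if ("Action" in stmt) == ("NotAction" in stmt):
            findings.append(f"Statement[{i}]: need exactly one of Action/NotAction")
        if ("Resource" in stmt) == ("NotResource" in stmt):
            findings.append(f"Statement[{i}]: need exactly one of Resource/NotResource")
        if "Principal" in stmt or "NotPrincipal" in stmt:
            findings.append(f"Statement[{i}]: Principal is not allowed here")
    return findings

if __name__ == "__main__":
    print(*lint_identity_policy(extract_policy(SAMPLE_EVENT)[1]), sep="\n")
```

These checks cover only a few rules of the policy grammar; the IAM console's policy editor or IAM Access Analyzer's ValidatePolicy API remains the authoritative check.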


Conclusion

To sum up, the skilled Support Engineers at Bobcares demonstrated how to resolve “MalformedPolicyDocument” errors in AWS CloudFormation.
