Terraform JSON MalformedPolicyDocument: The policy failed legacy parsing

Solution 1:

That config will have a trailing comma in the JSON array, which is a syntax error for the format specification. I would recommend updating the usage to the templatefile function. You could then also make this much easier for yourself with the jsonencode function to convert from HCL2. Your template would appear like:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": ${jsonencode(accounts)}
  }
}

and in the resource value for the policy argument:

resource "aws_iam_policy" "permit_assume_role" {
  name        = "policy-assumerole-${var.group_name}"
  description = "Permit central account users to assume roles in this account"
  policy      = templatefile("${path.module}/assets/assume_role.json", {
    accounts = [
      for account_id in var.account_id :
      "arn:aws:iam::${account_id}:role/${coalesce(var.role_override, var.role_name)}"
    ]
  })
}

Solution 2:

I did find out I was missing the "[" at the start of the statement and at the end of the statement. This shouldn't matter for a single resource, but it was causing me issues. Adding this resolved my issue.

Thanks

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": [
        ${accounts}
    ]
  }]
}
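
Added example, not part of either answer above: the same policy built entirely with jsonencode, so no JSON is assembled by string interpolation and a trailing comma or missing bracket cannot occur. The variable names come from the page; their types, the default, and the validation rule are assumptions made for this sketch.

```hcl
# Variable declarations are assumed; only the names appear on the page.
variable "group_name" {
  type = string
}

variable "role_name" {
  type = string
}

variable "role_override" {
  type    = string
  default = null
}

variable "account_id" {
  type        = list(string)
  description = "Accounts whose role the central users may assume"

  validation {
    # Fail at plan time on anything that is not a 12-digit account ID, so a
    # stray value (a wildcard, an empty string) never reaches the Resource ARNs.
    condition     = length(var.account_id) > 0 && alltrue([for id in var.account_id : can(regex("^[0-9]{12}$", id))])
    error_message = "The account_id list must be non-empty and contain only 12-digit AWS account IDs."
  }
}

locals {
  # One role ARN per account, built as an HCL list rather than as JSON text.
  assume_role_arns = [
    for id in var.account_id :
    "arn:aws:iam::${id}:role/${coalesce(var.role_override, var.role_name)}"
  ]
}

resource "aws_iam_policy" "permit_assume_role" {
  name        = "policy-assumerole-${var.group_name}"
  description = "Permit central account users to assume roles in this account"

  # jsonencode serializes the whole document, so brackets, quoting and
  # commas are always well-formed regardless of how many ARNs there are.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "sts:AssumeRole"
      Resource = local.assume_role_arns
    }]
  })
}
```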