aws_iam: iam.ManagedPolicy returns "Don't know how to convert object to JSON"

[marikb]

Describe the bug

Converting PolicyDocument to json with to_json() function seems to work but in iam.managedPolicy I fails with the error "Don't know how to convert object to JSON"

Expected Behavior

Create the Iam.ManagedPolicy after I run the cdk synth command.

Current Behavior

Error: "Don't know how to convert object to JSON".

Reproduction Steps

I've tried running via statement and document variables (Two examples):

statements:

        stmt1 = iam.PolicyStatement(
                    effect=iam.Effect.ALLOW,
                    actions=["s3:AbortMultipartUpload", "s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObjectTagging","s3:GetObjectTagging","s3:PutObject"],
                    resources=[bc["arn"]+suffix]
                )
        
        s3_policy = iam.ManagedPolicy(self,"CDKDataSyncS3Policy",statements=[stmt1])

Or via document*:

        with open(dir + file) as json_file:
                data = json_file.read()
                data = data.replace("**AWS_ACCOUNT_ID**", account_id)
                policy_name = file.replace(".json", "")
                logical_policy_name = policy_name

                if role_name is not None:
                    logical_policy_name = f"{role_name}-policy"

                data = json.loads(data)
                policy = iam.PolicyDocument.from_json(data)
                policy = iam.ManagedPolicy(self,
                                           policy_name + "pol",
                                           managed_policy_name=logical_policy_name,
                                           document=policy)

I want to just make it work but ideally with JSON files like in the second example to support loading policies from policies folder.

Possible Solution

At the moment it seems to me like an aws cdk issue.

Additional Information/Context

No response

CDK CLI Version

2.137.0 (build bb90b4c)

Framework Version

No response

Node.js Version

v20.11.1

OS

Windows

Language

Python

Language Version

Python 3.11.9

Other information

No response

[khushail]

hi @marikb . thanks for reaching out. I tried to use the example 1 and was able to succeed. Here is the snapshot -

and the policy generated -

{
 "Resources": {
  "CDKDataSyncS3PolicyBB537DA5": {
   "Type": "AWS::IAM::ManagedPolicy",
   "Properties": {
    "Description": "",
    "Path": "/",
    "PolicyDocument": {
     "Statement": [
      {
       "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:GetObjectTagging",
        "s3:ListMultipartUploadParts",
        "s3:PutObject",
        "s3:PutObjectTagging"
       ],
       "Effect": "Allow",
       "Resource": "*"
      }
     ],
     "Version": "2012-10-17"
    }
   },

Hope this would be helpful. let us know if this does not work for you

[marikb]

Hey @khushail, apparently the issue was not related to the function but to a spare enter I've had in my class definition (Specifically in my super().init(scoped **kwargs) )

However, the error was not informative enough for me to address it at first.

Closing the issue.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[aws-cdk-automation]

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.