1

My user has a policy that allows him to iam:CreateRole and iam:DeleteRole but when I launch this command :

aws iam create-role --role-name MyRole --path /projects/ --assume-role-policy-document file://MyRoleTrust.json

But I have this error :

An error occcured (ValidationError) when calling the CreateRole operation: The specified value for path is invalid.It must begin and end with / and contain only alphanumeric characters and / or / characters.

But I have policies using this condition with this type of arn : "arn:aws:iam::<account-id>:role/projects/*". It means that this /projects/* should exist.

So why do I get this error...I'm a bit confused. Thanks for you replies.

Zokulko
  • 211
  • 4
  • 25

1 Answers1

2

Looks like you are using Windows as your OS. And command line tool is a something like Git for Windows with bash emulation.

Same bug is mentioned in GitHub. The problem is that mingw trying to be smart, and converting paths

Here are three possible solutions:

  1. Set variable MSYS_NO_PATHCONV=1 to disable path conversions
  2. Use escaped /projects/ parameter by adding extra / (//projects/)
  3. Remove Windows at all (the best one)
rzlvmp
  • 7,512
  • 5
  • 16
  • 45
  • thx for your reply. The *first tip* doesn't seem working since i get the same error. As for the *second tip*, in AWS console, i have a role created with this arn : `arn:aws:iam:::role//projects/MyRole` Is it the right path i was excepting this path : `arn:aws:iam:::role/projects/*MyRole` ? I have the impression that there is like an empty folder,no? Regarding the *third tip*, if it wasn't my professionnal laptop i will remove it for sure X) – Zokulko Aug 16 '23 at 09:03
  • 1
    how did you use a first tip? it is two possible ways to set variable: 1. run directly in command as prefix: `MSYS_NO_PATHCONV=1 aws iam create-role ...`, 2. `export` it widely until bash session is opened: `export MSYS_NO_PATHCONV=1`, and run command then. Are you sure that you set it properly? – rzlvmp Aug 16 '23 at 10:44
  • Thx dude it works super fine!! I've to put it on my bashrc directly and not run it directly! – Zokulko Aug 17 '23 at 08:27