I am trying to create an IAM role with a policy in order to use them for my Firehose stream which points to an S3 bucket. The problem is the role doesn’t get created at all (list-roles returns nothing). I don’t get any errors and with --noDeploy the templates seem ok to my eyes.
Any ideas?
Here is the resource code:

```yaml
resources:
  Resources:
    FirehosetoS3Role:
      Type: AWS::IAM::Role
      Properties:
        RoleName: FirehosetoS3Role
        AssumeRolePolicyDocument:
          Statement:
            - Effect: Allow
              Principal:
                Service: firehose.amazonaws.com
              Action: sts:AssumeRole
        Policies:
          - PolicyName: FirehosetoS3Policy
            PolicyDocument:
              Statement:
                - Effect: Allow
                  Action: [ "s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutObject" ]
                  Resource: [ "arn:aws:s3:::my-firehose-bucket", "arn:aws:s3:::my-firehose-bucket/*" ]
    FirehoseBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: my-firehose-bucket
```
You can check the whole file here. The Firehose resource is missing at the moment. Btw, the code is tested in localstack.