Hi,
I've been struggling to get IAM policy and IAM role working properly.
These are the two modules with the issues.
IAM_ROLE is where the issue happens:
Creating an IAM_policy works, and it accepts a policy_json file with no issues.
The next step is to create an IAM_role, associate that policy with the role, and add a "Trust relationship", as AWS calls it. This is passed as a small JSON file but fails at assume_role_policy_document:
The JSON is very simple:
{"Version": "2008-10-17","Statement": [{"Effect": "Allow","Principal": {"Service": "ec2.amazonaws.com"},"Action": "sts:AssumeRole"}]}
Task config:
- name: Create IAM Role with policy
  iam_role:
    name: "iamrole-{{ aws_deploy_stage }}-{{ aws_deployment_tag }}"
    state: present
    assume_role_policy_document: "{{ lookup('file'.'../templates/role-trust-policy-document.json) }}"
    managed_policy:
      - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
      - arn:aws:iam::aws:policy/AWSXrayFullAccess
      - "policy-{{ aws_deploy_stage }}-{{ aws_deployment_name }}"
fatal: [localhost]: FAILED! => {
    "failed": true,
    "msg": "template error while templating string: expected name or number. String: {{ lookup('file'.'../templates/role-trust-policy-document.json')|to_json }}"
}
If I just pass a string in double quotes "", I managed to make the module pass this to AWS, and it expects JSON:
    "msg": "An error occurred (MalformedPolicyDocument) when calling the CreateRole operation: This policy contains invalid Json",
    "response_metadata": {
        "http_headers": {
            "connection": "close",
            "content-length": "288",
            "content-type": "text/xml",
            "date": "Wed, 28 Jun 2017 09:12:50 GMT",
            "x-amzn-requestid": "f61bb6b4-5be1-11e7-9679-d5c1bf3ed860"
        },
        "http_status_code": 400,
        "request_id": "f61bb6b4-5be1-11e7-9679-d5c1bf3ed860",
        "retry_attempts": 0
    }
After spending quite some time googling and reading GitHub issues, there are a lot of related issues, both closed and open, but none accurately tell where the issue is.
I hope someone else encounters this issue. Any feedback welcome.
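
An added example, not part of the original post: Jinja2 raises "expected name or number" when a `.` is followed by anything other than an attribute name or an index, which is the case for `'file'.'../templates/...'` in the task above; `lookup()` takes its arguments separated by commas. The tasks below parse the trust policy file first, so a file that is not valid JSON fails locally instead of at CreateRole. The fact name `trust_policy` is an assumption; the path, variables and policy names are those from the post.

```yaml
# Added example. Path and variable names come from the post; trust_policy is a made-up fact name.

# from_json fails this task if the file content is not valid JSON,
# so a malformed document never reaches the CreateRole call.
- name: Load and parse the role trust policy
  set_fact:
    trust_policy: "{{ lookup('file', '../templates/role-trust-policy-document.json') | from_json }}"

# Minimal structural check on the parsed document before it is used.
- name: Check the trust policy has at least one statement
  assert:
    that:
      - trust_policy.Statement is defined
      - trust_policy.Statement | length > 0
    msg: "role-trust-policy-document.json has no Statement entries"

- name: Create IAM Role with policy
  iam_role:
    name: "iamrole-{{ aws_deploy_stage }}-{{ aws_deployment_tag }}"
    state: present
    # Pass the parsed document; the module serialises it back to JSON.
    assume_role_policy_document: "{{ trust_policy }}"
    managed_policy:
      - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
      - arn:aws:iam::aws:policy/AWSXrayFullAccess
      - "policy-{{ aws_deploy_stage }}-{{ aws_deployment_name }}"
```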