found character ‘\t’ that cannot start any token | by Teri Radichel | Bugs That Bite | Oct, 2023

Error when copying and redeploying AmazonEC2ContainerServiceforEc2Role from IAM Console

Teri Radichel
Bugs That Bite

I copied a policy document from the AWS IAM console. Specifically this policy:


When I tried to deploy my own copy of that policy I got this error:

while scanning for the next token
found character '\t' that cannot start any token
in "<unicode string>", line 12, column 1:
^ (line: 12)

I ran this cat command on my file to see the tabs:

cat -T BatchECSInstanceRolePolicy.yaml

With that output it was easy to find the problem.

Which is literally impossible to see otherwise:

However, after fixing that line — with tabs — the policy still woudn’t deploy with the same error. Notice that the characters that appear for my tabs different from those shown from what existed previously:

So I deleted a bunch of those characters and now my file looks like this:

The file still won’t deploy.

What is odd, is that I copied and pasted the policy document the same way I did for a bunch of other policies I just created. I also used tabs to fix the alignment of those policies and I’m not having the same issues with those policies. They all deployed fine. So how did those hidden characters get in that file? I don’t know.

In any case, once I removed them all the policy deployed just fine.

The other thing that I find odd is that on this version of Amazon Linux, the cat -v command does not print out hidden characters but cat -T shows those specific…

#character #start #token #Teri #Radichel #Bugs #Bite #Oct