我在AWS上使用策略生成器创建了一个新策略。我正在尝试使用该策略创建密钥，但遇到以下错误：

"" BypassPolicyLockoutSafetyCheck = False File "C:\Users\AppData\Local\Programs\Python\Python35-32\lib\site-packages\botocore\client.py", line 253, in _api_call return self._make_api_call(operation_name, kwargs) File "C:\Users\AppData\Local\Programs\Python\Python35-32\lib\site-packages\botocore\client.py", line 543, in _make_api_call raise error_class(parsed_response, operation_name) botocore.errorfactory.MalformedPolicyDocumentException: An error occurred (MalformedPolicyDocumentException) when calling the CreateKey operation: ""

我已经验证了key的格式，我知道在语法上没有问题。政策如下：

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "Stmt1489675746111",
        "Effect": "Allow",
        "Action": [
            "workspaces:*"
        ],
        "Resource": [
            "*"
        ]
    },
    {
        "Sid": "Stmt1489675786111",
        "Effect": "Allow",
        "Action": [
            "kms:CreateAlias",
            "kms:CreateGrant",
            "kms:CreateKey",
            "kms:Decrypt",
            "kms:DeleteAlias",
            "kms:DescribeKey",
            "kms:EnableKey",
            "kms:Encrypt",
            "kms:GenerateDataKey",
            "kms:GetKeyPolicy",
            "kms:ListAliases",
            "kms:ListGrants",
            "kms:ListKeyPolicies",
            "kms:ListKeys",
            "kms:PutKeyPolicy"    
        ],
        "Resource": [
            "*"
        ]
    },
    {
        "Sid": "Stmt1489675858111",
        "Effect": "Allow",
        "Action": [
            "iam:CreatePolicy",
            "iam:CreatePolicyVersion",
            "iam:DeletePolicy",
            "iam:DeletePolicyVersion",
            "iam:GetPolicy",
            "iam:GetPolicyVersion"
        ],
        "Resource": [
            "*"
        ]
    }
]}

我使用python创建密钥。如果我使用默认策略，那么我可以创建策略。有人知道这件事吗？一些实时的例子？我查阅了aws文档，但是没有找到任何与awscli相关的好例子。在