I'm attempting to update my AWS SAM template with additional permissions for an s3 bucket policy. I need the following additions: 's3:ListBucket', 's3:PutObject' and 's3:DeleteObject' However im getting an invalid policy message when i deploy the updated template:
error message from github actions: Policy has invalid resource (Service:Amazon S3; Status Code: 400; Error Code: MalformedPolicy;
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref MyWebsite
PolicyDocument:
Id: MyPolicy
Version: 2012-10-17
Statement:
Sid: PublicRead
Effect: Allow
Principal: "*"
Action:
- 's3:ListBucket'
- 's3:GetObject'
- 's3:PutObject'
- 's3:DeleteObject'
Resource:
- "arn:aws:s3:::my-resume-wesite123456/*"
- "arn:aws:s3:::my-resume-wesite123456/"
I thought i may have a typo in the resource name but the bucket was created successfully with the code below.
Resources:
MyWebsite:
Type: AWS::S3::Bucket
Properties:
AccessControl: PublicRead
WebsiteConfiguration:
IndexDocument: index.html
BucketName: my-resume-wesite123456
Any advice greatly appreciated.
CodePudding user response:
You can directly reference the bucket making your life a lot easier:
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref MyWebsite
PolicyDocument:
Id: MyPolicy
Version: 2012-10-17
Statement:
Sid: PublicRead
Effect: Allow
Principal: "*"
Action:
- 's3:ListBucket'
- 's3:GetObject'
- 's3:PutObject'
- 's3:DeleteObject'
Resource:
- !Sub ${MyWebsite.Arn}/*
- !Sub ${MyWebsite.Arn}