I'm attempting to update my AWS SAM template with additional permissions for an s3 bucket policy. I need the following additions: 's3:ListBucket', 's3:PutObject' and 's3:DeleteObject' However im getting an invalid policy message when i deploy the updated template:

error message from github actions: Policy has invalid resource (Service:Amazon S3; Status Code: 400; Error Code: MalformedPolicy;

 BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyWebsite
      PolicyDocument:
        Id: MyPolicy
        Version: 2012-10-17
        Statement:
          Sid: PublicRead
          Effect: Allow
          Principal: "*"
          Action: 
            - 's3:ListBucket'
            - 's3:GetObject'
            - 's3:PutObject'
            - 's3:DeleteObject'
          Resource:
            - "arn:aws:s3:::my-resume-wesite123456/*"
            - "arn:aws:s3:::my-resume-wesite123456/"

I thought i may have a typo in the resource name but the bucket was created successfully with the code below.

Resources:
  MyWebsite:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      WebsiteConfiguration:
        IndexDocument: index.html
      BucketName: my-resume-wesite123456

Any advice greatly appreciated.

CodePudding user response：

You can directly reference the bucket making your life a lot easier:

 BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyWebsite
      PolicyDocument:
        Id: MyPolicy
        Version: 2012-10-17
        Statement:
          Sid: PublicRead
          Effect: Allow
          Principal: "*"
          Action: 
            - 's3:ListBucket'
            - 's3:GetObject'
            - 's3:PutObject'
            - 's3:DeleteObject'
          Resource:
            - !Sub ${MyWebsite.Arn}/*
            - !Sub ${MyWebsite.Arn}