Home > Software design >  AWS S3 Bucket giving 'policies must be valid JSON and the first byte must be '{'
AWS S3 Bucket giving 'policies must be valid JSON and the first byte must be '{'

Time:10-16

    { 
"Id": "Policy1590051531320", 
"Version": "2012-10-17",
"Statement": [ 
{ "Sid": "Stmt1590051522178", 
"Action": [ "s3:GetObject", 
"s3:GetObjectVersion", 
"s3:PutObject", 
"s3:AbortMultipartUpload", 
"s3:ListMultipartUploadParts", 
"s3:GetBucketVersioning", 
"s3:ListBucket", 
"s3:GetBucketLocation", 
"s3:ListBucketMultipartUploads", 
"s3:ListBucketVersions" ], 
"Effect": "Allow", 
"Resource": ["arn:aws:s3:::lakefs", "arn:aws:s3:::lakefs/backend.txt/*"], 
"Principal": {"AWS": ["arn:aws:iam::REDACTED:user/uing"]
 } 
} 
] 
}

This my s3 bucket policy, but it's returning a 'Policies must be valid JSON and the first byte must be '{'. I have the correct bucket name, and bucket name with path prefix in my resource field. Any idea why I am getting this error?

CodePudding user response:

You can't have these spaces { at the beginning. It should be:

{ 
"Id": "Policy1590051531320", 
"Version": "2012-10-17",
"Statement": [ 
{ "Sid": "Stmt1590051522178", 
"Action": [ "s3:GetObject", 
"s3:GetObjectVersion", 
"s3:PutObject", 
"s3:AbortMultipartUpload", 
"s3:ListMultipartUploadParts", 
"s3:GetBucketVersioning", 
"s3:ListBucket", 
"s3:GetBucketLocation", 
"s3:ListBucketMultipartUploads", 
"s3:ListBucketVersions" ], 
"Effect": "Allow", 
"Resource": ["arn:aws:s3:::lakefs", "arn:aws:s3:::lakefs/backend.txt/*"], 
"Principal": {"AWS": ["arn:aws:iam::172787983831:user/uing"]
 } 
} 
] 
}

CodePudding user response:

[lakeFS dev here, but this is an AWS issue]

As the error message says, it wants you to start your policy with a { (and no preceding whitespace).

Note that S3 separates resource-based policies (like this one) from identity-based policies, which you would set up on the IAM service. There are important differences. I often identity-based policies are easier to set up than resource-based policies: the error messages are easier to read, the web-based UI can be friendlier (and offers online error reporting for JSON policies, or a reasonably nice visual policy editor), etc.

  • Related