{
"Id": "Policy1590051531320",
"Version": "2012-10-17",
"Statement": [
{ "Sid": "Stmt1590051522178",
"Action": [ "s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:GetBucketVersioning",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions" ],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::lakefs", "arn:aws:s3:::lakefs/backend.txt/*"],
"Principal": {"AWS": ["arn:aws:iam::REDACTED:user/uing"]
}
}
]
}
This my s3 bucket policy, but it's returning a 'Policies must be valid JSON and the first byte must be '{'. I have the correct bucket name, and bucket name with path prefix in my resource field. Any idea why I am getting this error?
CodePudding user response:
You can't have these spaces {
at the beginning. It should be:
{
"Id": "Policy1590051531320",
"Version": "2012-10-17",
"Statement": [
{ "Sid": "Stmt1590051522178",
"Action": [ "s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:GetBucketVersioning",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions" ],
"Effect": "Allow",
"Resource": ["arn:aws:s3:::lakefs", "arn:aws:s3:::lakefs/backend.txt/*"],
"Principal": {"AWS": ["arn:aws:iam::172787983831:user/uing"]
}
}
]
}
CodePudding user response:
[lakeFS dev here, but this is an AWS issue]
As the error message says, it wants you to start your policy with a {
(and no preceding whitespace).
Note that S3 separates resource-based policies (like this one) from identity-based policies, which you would set up on the IAM service. There are important differences. I often identity-based policies are easier to set up than resource-based policies: the error messages are easier to read, the web-based UI can be friendlier (and offers online error reporting for JSON policies, or a reasonably nice visual policy editor), etc.