MxLDevs

Reputation: 19546

Amazon S3 bucket policies don't support "version" option

I wanted to provide public access to all files in my bucket. Several SO answers including this popular one indicated that I should create a policy.

So I went and copy-pasted it and edited the resource name and version date, but I get an error:

Document is invalid: Invalid Version 2014-05-02 - undefined

I went and looked at the documentation (note that it says "latest") and the example given is

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::example-bucket/*"]
    }
  ]
}

I took that, updated the resource name, and tried again. Still didn't work: version doesn't exist.

I then noticed a link that says "AWS policy generator" in the corner of the dialog. I filled in the details, hit "generate", and got something like this:

{
  "Id": "Policy1399047197120",
  "Statement": [
    {
      "Sid": "Stmt1399047194777",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucketname/*",
      "Principal": {
        "AWS": [
          "AWS"
        ]
      }
    }
  ]
}

And it worked! Great, so it looks like they've decided to drop the "version" option, except all of the examples I've seen on SO and in their examples include this "version" option.

The version is not important to me, but is this a known change?

Upvotes: 16

Views: 8474

Answers (1)

Michael - sqlbot

Reputation: 179404

2012-10-17 from the examples is a static, constant, literal date expression, specifying the version of IAM policy language your policy statement uses -- not your policy statement's revision date.

There are only two possible values that you can use here, as of now: 2012-10-17 and 2008-10-17. If you don't specify, it's assumed that you're using the older version, which has more limited functionality. Any other value represents a version of IAM policy language that doesn't exist, and is not valid for that reason.

http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html#Version

Upvotes: 35
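
The rule in the answer above, as a pre-deployment check. This is an added example, not code from the question, the answer or AWS. The function name, the sample documents and the policy-variable check are assumptions made here: the page does not mention policy variables, but `${...}` variables are only substituted under 2012-10-17.

```python
import json

# Per the answer above: the only two policy-language versions that exist.
VALID_VERSIONS = ("2008-10-17", "2012-10-17")
DEFAULT_VERSION = "2008-10-17"  # what an omitted "Version" is assumed to be


def check_policy_version(policy_json):
    """Return (effective_version, findings); version is None if invalid."""
    policy = json.loads(policy_json)
    declared = policy.get("Version")
    findings = []
    if declared is None:
        effective = DEFAULT_VERSION
        findings.append("no Version element: evaluated as " + DEFAULT_VERSION)
    elif declared in VALID_VERSIONS:
        effective = declared
    else:
        # e.g. a revision date such as 2014-05-02, as in the question
        return None, ["invalid Version %r: use one of %s"
                      % (declared, ", ".join(VALID_VERSIONS))]
    # Not stated on the page: policy variables (${...}) are only
    # substituted under 2012-10-17; older policies see a literal string.
    statements = json.dumps(policy.get("Statement", []))
    if effective != "2012-10-17" and "${" in statements:
        findings.append("policy variable under " + effective
                        + " is treated as a literal string")
    return effective, findings


# Constructed sample documents (bucket names are placeholders).
STATEMENT = ('"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, '
             '"Action": ["s3:GetObject"], "Resource": ["%s"]}]')
EDITED_DATE = '{"Version": "2014-05-02", %s}' % (STATEMENT % "arn:aws:s3:::example-bucket/*")
DOC_EXAMPLE = '{"Version": "2012-10-17", %s}' % (STATEMENT % "arn:aws:s3:::example-bucket/*")
NO_VERSION_VAR = '{%s}' % (STATEMENT % "arn:aws:s3:::example-bucket/${aws:username}/*")

if __name__ == "__main__":
    for name, doc in [("edited date", EDITED_DATE), ("doc example", DOC_EXAMPLE),
                      ("no version + variable", NO_VERSION_VAR)]:
        print(name, "->", check_policy_version(doc))
```

A policy with no Version element is accepted, as the question found, but it is evaluated under the older language, which is why the last sample yields two findings rather than an error.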
