chris-j

Reputation: 71

How do I create an AWS Access Point Policy, without getting "Error Policy has invalid resource"?

Using

$ aws s3 mb s3://freds-321-pizza
make_bucket: freds-321-pizza

to successfully create a bucket. Using AWS Console

  1. create access point, name - freds-access-point
  2. check internet box
  3. "block all public access" - tried with this on and off
  4. ARN - created arn:aws:s3:us-east-1:************:accesspoint/freds-access-point
  5. Submit "Create Access Point"
  6. Successfully created access point: freds-access-point

Go back into Access Point and Edit Policy, as follows;

{ 
   "Version": "2012-10-17", 
   "Statement": [ 
     { 
       "Action": ["s3:GetObject","s3:PutObject"], 
       "Effect": "Allow", 
       "Principal": {"AWS": ["*"]}, 
       "Resource": ["arn:aws:s3:::freds-321-pizza/*"] 
     } 
   ] 
 }

Getting "Error Policy has invalid resource", please help?

Note: AWS CLI doesn't work:

aws s3control get-access-point --name freds-access-point --account-id ************

Will update when I find the right command.

Upvotes: 3

Views: 2724

Answers (1)

Dragos Cojocaru

Reputation: 11

This is because you're giving the S3 Bucket ARN, not the actual resources you want to attach to the policy. Objects within the S3 are the actual resources you look for.

Your Resource should look something like this:

"Resource": "arn:aws:s3:zone:account_ID:accesspoint/access-point-name/object/*"

/object/

Hope this was helpful!

Upvotes: 1
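
A local pre-check for the Resource rule described in the answer, as an added example that is not part of the original posts: it lists the Resource entries in an access point policy that are not in access point form and rewrites this bucket's ARNs accordingly. The account ID 111122223333 and the function names are constructed for illustration, since the page masks the real account ID.

```python
import json

# Constructed sample account ID; the page masks the real one.
AP_ARN = "arn:aws:s3:us-east-1:111122223333:accesspoint/freds-access-point"
BUCKET = "freds-321-pizza"

# The policy from the question, unchanged.
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Effect": "Allow",
        "Principal": {"AWS": ["*"]},
        "Resource": ["arn:aws:s3:::freds-321-pizza/*"],
    }],
}

def _as_list(value):
    # IAM JSON allows a single value or a list; normalise to a list.
    return value if isinstance(value, list) else [value]

def invalid_resources(policy, ap_arn):
    """Return (statement index, resource) pairs not in access point form."""
    bad = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        for res in _as_list(stmt.get("Resource", [])):
            # Valid: the access point itself, or objects addressed through it.
            if res != ap_arn and not res.startswith(ap_arn + "/object/"):
                bad.append((i, res))
    return bad

def to_access_point_policy(policy, ap_arn, bucket):
    """Return a copy with this bucket's ARNs rewritten to access point form."""
    fixed = json.loads(json.dumps(policy))  # deep copy via JSON round trip
    bucket_arn = "arn:aws:s3:::" + bucket
    for stmt in _as_list(fixed.get("Statement", [])):
        if "Resource" not in stmt:
            continue  # e.g. a NotResource statement; left untouched
        out = []
        for res in _as_list(stmt["Resource"]):
            if res == bucket_arn:
                res = ap_arn
            elif res.startswith(bucket_arn + "/"):
                res = ap_arn + "/object/" + res[len(bucket_arn) + 1:]
            out.append(res)
        stmt["Resource"] = out
    return fixed

if __name__ == "__main__":
    print(invalid_resources(QUESTION_POLICY, AP_ARN))
    print(json.dumps(to_access_point_policy(QUESTION_POLICY, AP_ARN, BUCKET), indent=2))
```
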
