testerboy

Reputation: 79

S3 bucket policy error "Conditions do not apply to combination of actions and resources in statement"

I tried to create an S3 bucket policy with action:
"Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl" ]

and a condition as below
"Condition": { "StringLike": {"s3:x-amz-acl": " bucket-owner-full-control"}}

But it throws the below error: Conditions do not apply to combination of actions and resources in statement

  1. What exactly is this error?
  2. Can someone help me understand why this error is occurring?
  3. What will be the solution?

Actually tried to add the whole policy but was not able to do so. Thanks

Upvotes: 0

Views: 1767

Answers (1)

Chris Williams

Reputation: 35238

According to the S3 documentation, the below is why you receive this error.

The condition key s3:x-amz-acl that you can use to grant condition permission for the s3:PutObject permission defines behavior of the x-amz-acl request header that the PUT Object API supports.

Essentially, this condition key is bound to PutObject only; therefore your condition could never be evaluated for s3:GetObject or s3:PutObjectAcl.

If both of these actions should be supported too, you will need to add them as an additional statement to the bucket policy without the condition attached.

Upvotes: 3
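
The split the answer describes, as an added example that is not part of the original question or answer: a small helper that separates a statement into a conditioned part and an unconditioned part. The key-to-action map follows the answer's statement and is an assumption to confirm against the S3 documentation; `split_statement`, the principal, the account ID and the bucket name are hypothetical placeholders.

```python
import copy
import json

# Assumption, following the answer above: s3:x-amz-acl is evaluated for
# s3:PutObject only. Confirm each key against the S3 documentation.
CONDITION_KEY_ACTIONS = {"s3:x-amz-acl": {"s3:PutObject"}}


def condition_keys(statement):
    """Return every condition key used in the statement's Condition block."""
    return {k for ops in statement.get("Condition", {}).values() for k in ops}


def split_statement(statement, key_actions=CONDITION_KEY_ACTIONS):
    """Keep the Condition only on actions that support all of its keys."""
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    keys = condition_keys(statement)
    unknown = keys - key_actions.keys()
    if unknown:
        raise ValueError(f"no action mapping for condition keys: {sorted(unknown)}")
    supported = [a for a in actions if all(a in key_actions[k] for k in keys)]
    rest = [a for a in actions if a not in supported]
    result = []
    if supported:
        conditioned = copy.deepcopy(statement)
        conditioned["Action"] = supported
        result.append(conditioned)
    if rest:
        # Remaining actions go into a second statement with no Condition.
        plain = copy.deepcopy(statement)
        plain["Action"] = rest
        plain.pop("Condition", None)
        result.append(plain)
    return result


# Constructed statement: the question's actions and condition; Effect,
# Principal and Resource are placeholders, not values from the post.
ORIGINAL = {
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
    "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
    "Condition": {"StringLike": {"s3:x-amz-acl": "bucket-owner-full-control"}},
}

if __name__ == "__main__":
    print(json.dumps(split_statement(ORIGINAL), indent=2))
```

The second statement no longer carries the ACL requirement, so review its Principal and Resource before applying the policy.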
