IAM Policy Parsing Issue
Hi AWS, I am creating an IAM policy using CloudFormation. This is one of the sample block in the policy code.
- Effect: Deny
Sid: S3Deny
Action:
- s3:Get*
- s3:List*
NotResource: !Split
- ","
- !Ref S3NotResource
The syntax and indentation looks good as I am using CloudFormation Linter to find any syntax issues, warnings, errors etc. and it has not detected anything but while deploying it through CloudFormation I am getting this error:
resource handler returned message: "the policy failed legacy parsing (service: iam, status code: 400, request id: 3c569005-7172-4f1x-836x-b493d8825947)" (requesttoken: cb6xxxx-32a7-7e08-761x-542162288xx1, handlererrorcode: invalidrequest)
Please help me in spotting the issue as it is very annoying.
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Hello.
It looks like there is "Effect" in "Effect", but I think it is actually "Action".
- Effect: Deny
Sid: S3Deny
Action:
- s3:Get*
- s3:List*
NotResource: !Split
- ","
- !Ref S3NotResource
It seems you have 2 “Effects”? Try to change the second one with Actions
The error was spotted. One of the ARNs in the parameter list was wrong.
Thanks for the help.
Relevanter Inhalt
AWS OFFICIALAktualisiert vor 3 Jahren- AWS OFFICIALAktualisiert vor 2 Jahren
Sorry it was having
Actiononly, that was a typo but still I am experiencing the same error I posted above. Please suggest why it is still throwing an error.I suspect that the following part is the cause of the error. I haven't seen the full text of CloudFormation, so I'm not sure, but what value does "S3NotResource" contain?
Riku_Kobayashi, S3NotResource is a parameter of Type String.
Could you please tell me the specific value? I would like to reproduce the error before troubleshooting.