IAM Policy Parsing Issue

0

Hi AWS, I am creating an IAM policy using CloudFormation. This is one of the sample blocks in the policy code.

- Effect: Deny
  Sid: S3Deny
  Action:
    - s3:Get*
    - s3:List*
  NotResource: !Split
    - ","
    - !Ref S3NotResource

The syntax and indentation look good, as I am using CloudFormation Linter to find any syntax issues, warnings, errors, etc., and it has not detected anything. But while deploying it through CloudFormation I am getting this error:

resource handler returned message: "the policy failed legacy parsing (service: iam, status code: 400, request id: 3c569005-7172-4f1x-836x-b493d8825947)" (requesttoken: cb6xxxx-32a7-7e08-761x-542162288xx1, handlererrorcode: invalidrequest)

Please help me in spotting the issue as it is very annoying.

3 Answers
1

Hello.

It looks like there is "Effect" in "Effect", but I think it is actually "Action".

- Effect: Deny
  Sid: S3Deny
  Action:
    - s3:Get*
    - s3:List*
  NotResource: !Split
    - ","
    - !Ref S3NotResource
EXPERT
answered 4 months ago
AWS
EXPERT
reviewed 4 months ago
  • Sorry, it was having Action only; that was a typo, but I am still experiencing the same error I posted above. Please suggest why it is still throwing an error.

  • I suspect that the following part is the cause of the error. I haven't seen the full text of CloudFormation, so I'm not sure, but what value does "S3NotResource" contain?

      NotResource: !Split
        - ","
        - !Ref S3NotResource
    
  • Riku_Kobayashi, S3NotResource is a parameter of Type String.

  • Could you please tell me the specific value? I would like to reproduce the error before troubleshooting.

1

It seems you have 2 “Effects”? Try to change the second one with Actions

EXPERT
answered 4 months ago
0

The error was spotted. One of the ARNs in the parameter list was wrong.

Thanks for the help.

answered 4 months ago
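
The thread ends with a wrong ARN in the comma-separated `S3NotResource` parameter as the cause. The following is an added example, not code from the thread: a local pre-deploy check that splits the value the way `!Split` does (no whitespace trimming) and flags entries that are not well-formed ARNs. The function names and the sample value are constructed, and the checks are a lint, not a reproduction of IAM's own parser.

```python
def arn_problems(item):
    """Return lint findings for one NotResource entry (empty list = looks fine)."""
    if item == "*":
        return []
    problems = []
    if item != item.strip():
        # !Split does not trim, so "a, b" yields " b" with a leading space.
        problems.append("leading or trailing whitespace")
    parts = item.strip().split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        problems.append("not in arn:partition:service:region:account:resource form")
        return problems
    _, partition, service, _region, _account, resource = parts
    if not partition:
        problems.append("empty partition")
    if service != "s3":
        problems.append(f"service is {service!r}, but the statement's actions are s3:*")
    if not resource or resource.startswith("/"):
        problems.append("empty bucket or resource name")
    return problems


def check_not_resource(value, delimiter=","):
    """Split the parameter value as !Split would and map bad items to findings."""
    findings = {}
    for item in value.split(delimiter):
        problems = arn_problems(item)
        if problems:
            findings[item] = problems
    return findings


# Constructed sample value for the S3NotResource parameter (not from the thread).
SAMPLE = (
    "arn:aws:s3:::example-logs,arn:aws:s3:::example-logs/*,"
    " arn:aws:s3:::example-data,arn:aws:s3::example-typo/*"
)

if __name__ == "__main__":
    for item, problems in check_not_resource(SAMPLE).items():
        print(f"{item!r}: {'; '.join(problems)}")
```

Run it against the exact string passed as the stack parameter; a clean result only means every entry has ARN shape, not that the bucket exists.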
