Object lambda access point policy, policy document malformed
Hi,
Despite OLAP being declared as "optional", when saving it I got the error message "invalid policy". I then edited it, and from there I'm struggling to define the following:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Principal": {
        "AWS": "*account-ARN*"
      },
      "Effect": "Allow",
      "Action": [
        "s3-object-lambda:*"
      ],
      "Resource": [
        "*bucketAccesspoint-ARN*"
      ]
    }
  ]
}
In the status bar underneath: Security = 0, errors = 0, warnings = 0, suggestions = 0. So it should be fine.
However, when saving the policy I get the error "Invalid Object Lambda Access Point policy -> API response -> Policy document is malformed".
What am I missing?
Thx in advance for any suggestion
Hi,
I understand that you are encountering a MalformedPolicyDocument error. You get the "MalformedPolicyDocument" error when the policy document isn't syntactically or semantically correct, as per the grammar of the policy language[1]. Refer to the resources posted below.
To solve this error you can modify your policies to the below format:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Principal": {
        "AWS": "*account-ARN*"
      },
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::xxxxxxxxxxxxxxx/*"
      ]
    }
  ]
}
Resources:
[1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-policies.html
In my understanding, an OLAP policy must point, resource-wise, to an access point and, action-wise, to an object-lambda action, not directly to a bucket nor to s3 actions.
Anyway, attempting to change the action to what you suggest raises the error "Unsupported Action In Policy: The action s3: is not supported for the resource-based policy attached to resource type S3 Bucket.*" while the resource raises "Unsupported Resource ARN In Policy: The resource ARN is not supported for the resource-based policy attached to resource type S3 Object Lambda Access Point.".
So, it doesn't seem to be solving the issue...
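Added example, not part of any post in this thread: a local pre-flight check for an Object Lambda Access Point policy, built around the two constraints the quoted error messages point to (only `s3-object-lambda:` actions, and a resource ARN of the Object Lambda Access Point type). The ARN shape in `OLAP_ARN`, the helper names, and the account ID, region and access point names are assumptions or constructed sample values.

```python
import json
import re

# Assumed ARN shape: arn:<partition>:s3-object-lambda:<region>:<account>:accesspoint/<name>
OLAP_ARN = re.compile(
    r"^arn:aws[a-z-]*:s3-object-lambda:[a-z0-9-]+:\d{12}:accesspoint/[a-z0-9-]+$")

# Constructed sample ARNs (not from the thread).
SUPPORTING_AP = "arn:aws:s3:us-east-1:111122223333:accesspoint/my-ap"
OLAP_AP = "arn:aws:s3-object-lambda:us-east-1:111122223333:accesspoint/my-olap"

def as_list(value):
    """Policy elements may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def lint_olap_policy(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(policy, dict) or not policy.get("Statement"):
        return ["no Statement element"]
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        sid = stmt.get("Sid", f"#{i}")
        if "Principal" not in stmt:
            findings.append(f"{sid}: resource-based policy has no Principal")
        for action in as_list(stmt.get("Action", [])):
            if not action.startswith("s3-object-lambda:"):
                findings.append(f"{sid}: action {action!r} is not an s3-object-lambda action")
        for res in as_list(stmt.get("Resource", [])):
            if not OLAP_ARN.match(res):
                findings.append(f"{sid}: resource {res!r} is not an Object Lambda Access Point ARN")
    return findings

def sample_policy(resource, action="s3-object-lambda:*"):
    """Constructed policy in the shape posted in the question."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "Statement1", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": [action], "Resource": [resource]}]})

if __name__ == "__main__":
    for arn in (SUPPORTING_AP, OLAP_AP):
        print(arn, "->", lint_olap_policy(sample_policy(arn)) or "ok")
```

A clean result here only means the action namespace and ARN type line up; the service can still reject the policy for other reasons, such as a principal that does not exist.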