Object lambda access point policy, policy document malformed

0

Hi,

Despite the OLAP being declared as "optional", when saving it I got an error message "invalid policy". I then edited it, and from there I'm struggling to define the following:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Statement1",
			"Principal": {
				"AWS": "*account-ARN*"
			},
			"Effect": "Allow",
			"Action": [
				"s3-object-lambda:*"
			],
			"Resource": [
				"*bucketAccesspoint-ARN*"
			]
		}
	]
}

In the underneath status bar: Security = 0, errors = 0, warnings = 0, suggestions = 0 - So should be fine.

However, when saving the policy I have an error "Invalid Object Lambda Access Point policy -> API response -> Policy document is malformed"

What am I missing?

Thx in advance for any suggestion

asked 2 years ago · 569 views
2 Answers
0

Hi,

I understand that you are encountering a MalformedPolicyDocument error. You get the "MalformedPolicyDocument" error when the policy document isn't syntactically or semantically correct, as per the grammar of the policy language[1]. Refer to the resources posted below.

To solve this error you can modify your policies to the below format:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Statement1",
			"Principal": {
				"AWS": "*account-ARN*"
			},
			"Effect": "Allow",
			"Action": [
				"s3:*"
			],
			"Resource": [
				"arn:aws:s3:::xxxxxxxxxxxxxxx/*"
			]
		}
	]
}

Resources:

[1] https://docs.aws.amazon.com/AmazonS3/latest/userguide/olap-policies.html

answered 2 years ago
0

In my understanding, an OLAP policy must point, resource-wise, to an access point and, action-wise, to an object-lambda action, not directly to a bucket nor to s3 actions.

Anyway, attempting to change the action to what you suggest raises the error "Unsupported Action In Policy: The action s3: is not supported for the resource-based policy attached to resource type S3 Bucket.*" while the resource raises "Unsupported Resource ARN In Policy: The resource ARN is not supported for the resource-based policy attached to resource type S3 Object Lambda Access Point.".

So, it doesn't seem to be solving the issue...

answered 2 years ago
