1 Answer
Hello. When adding multiple resources in the 'Resource' element of an IAM policy statement, the values must be of type list: in JSON, the comma-separated values have to be enclosed in [ ], and in YAML, individual resources have to be listed with '-'. The above is considered a single resource with a duplicate !Sub, leading to the duplicate key issue. The following resource definition worked for me; you can consider testing it:
```json
"RolePolicies": {
  "Type": "AWS::IAM::Policy",
  "Properties": {
    "PolicyName": "GetGEBucketPutCustomerBucket",
    "PolicyDocument": {
      "Statement": [
        {
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectAttributes",
            "s3:GetObjectTagging",
            "s3:ListBucket",
            "s3:DeleteObject"
          ],
          "Effect": "Allow",
          "Resource": [
            {
              "Fn::Sub": [
                "${arn}",
                {
                  "arn": {
                    "Ref": "CustomerS3BucketARN"
                  }
                }
              ]
            },
            {
              "Fn::Sub": [
                "${arn}/*",
                {
                  "arn": {
                    "Ref": "CustomerS3BucketARN"
                  }
                }
              ]
            }
          ]
        }
      ]
    },
    "Roles": [
      {
        "Ref": "InstanceRole"
      }
    ]
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "a713fcc6-95c8-423f-a5b8-0020a81e5ce4"
    }
  }
}
```
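The duplicate-key failure the answer describes can be caught before deployment. The following is an added example, not part of the original answer: a strict JSON loader that rejects a statement whose `Resource` mapping repeats `Fn::Sub`, where a plain `json.loads` would silently keep only the last key and drop one ARN from the policy. The two sample statements are constructed for illustration, and the helper names are hypothetical.

```python
import json

class DuplicateKeyError(ValueError):
    """Raised when one JSON object contains the same key twice."""

def _reject_duplicates(pairs):
    # object_pairs_hook receives every key/value pair of one object in order,
    # so repeated keys are still visible here (a dict would already hide them).
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate key {key!r} in one object")
        seen[key] = value
    return seen

def load_strict(text):
    return json.loads(text, object_pairs_hook=_reject_duplicates)

def resource_entries(statement):
    # IAM accepts a single value or a list for Resource; normalise to a list.
    res = statement["Resource"]
    return res if isinstance(res, list) else [res]

# Constructed sample: two Fn::Sub keys inside ONE mapping (the broken shape).
BROKEN = '''
{"Effect": "Allow", "Action": ["s3:GetObject"],
 "Resource": {"Fn::Sub": "${CustomerS3BucketARN}",
              "Fn::Sub": "${CustomerS3BucketARN}/*"}}
'''
# Constructed sample: a list of two mappings, as in the answer above.
FIXED = '''
{"Effect": "Allow", "Action": ["s3:GetObject"],
 "Resource": [{"Fn::Sub": "${CustomerS3BucketARN}"},
              {"Fn::Sub": "${CustomerS3BucketARN}/*"}]}
'''

def check(text):
    """Return (ok, detail) for one policy statement given as JSON text."""
    try:
        stmt = load_strict(text)
    except DuplicateKeyError as exc:
        return False, str(exc)
    return True, f"{len(resource_entries(stmt))} resource entries"

if __name__ == "__main__":
    # A lenient parser keeps only the last duplicate: the bucket ARN is lost.
    print(json.loads(BROKEN)["Resource"])
    print(check(BROKEN))
    print(check(FIXED))
```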