AWS BucketPolicy 无法创建 - 无效的策略语法 MalformedPolicy
AWS BucketPolicy failed to create - Invalid policy syntax MalformedPolicy
我正在尝试在 yaml 中创建以下存储桶策略,但 bucketPolicy 无法创建:
Cloudformation 错误信息:
Invalid policy syntax. (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy; Request ID: CD4; S3 Extended Request ID: Noxxxx/sXX=; Proxy: null)
需要做的桶策略:
{
"Version": "2012-10-17",
"Id": "ig",
"Statement": [
{
"Sid": "LZone",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123:role/l-zone"
},
"Action": [
"s3:AbortMultipartUpload",
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::bucketname-l/*",
"arn:aws:s3:::bucketname-l"
]
}
]
}
这是上述政策的 yaml 代码(不工作):
LBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub bucketname-l
LBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref LBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: LZone
Effect: Allow
Action:
- 's3:AbortMultipartUpload'
- 's3:ListBucket'
- 's3:PutObject'
- 's3:GetObject'
- 's3:GetObjectVersion'
- 's3:PutObjectAcl'
Resource:
Fn::Join:
- ""
-
- "arn:aws:s3:::"
-
Ref: "LBucket"
- "/*"
Principal: "AWS: arn:aws:iam::123:role/l-zone"
有人可以帮助解决我所缺少的问题吗?谢谢
政策应该是:
LBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref LBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: LZone
Effect: Allow
Action:
- 's3:AbortMultipartUpload'
- 's3:ListBucket'
- 's3:PutObject'
- 's3:GetObject'
- 's3:GetObjectVersion'
- 's3:PutObjectAcl'
Resource:
- !Sub "arn:aws:s3:::${LBucket}"
- !Sub "arn:aws:s3:::${LBucket}/*"
Principal:
AWS: arn:aws:iam::123:role/l-zone
我正在尝试在 yaml 中创建以下存储桶策略,但 bucketPolicy 无法创建:
Cloudformation 错误信息:
Invalid policy syntax. (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy; Request ID: CD4; S3 Extended Request ID: Noxxxx/sXX=; Proxy: null)
需要做的桶策略:
{
"Version": "2012-10-17",
"Id": "ig",
"Statement": [
{
"Sid": "LZone",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123:role/l-zone"
},
"Action": [
"s3:AbortMultipartUpload",
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::bucketname-l/*",
"arn:aws:s3:::bucketname-l"
]
}
]
}
这是上述政策的 yaml 代码(不工作):
LBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub bucketname-l
LBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref LBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: LZone
Effect: Allow
Action:
- 's3:AbortMultipartUpload'
- 's3:ListBucket'
- 's3:PutObject'
- 's3:GetObject'
- 's3:GetObjectVersion'
- 's3:PutObjectAcl'
Resource:
Fn::Join:
- ""
-
- "arn:aws:s3:::"
-
Ref: "LBucket"
- "/*"
Principal: "AWS: arn:aws:iam::123:role/l-zone"
有人可以帮助解决我所缺少的问题吗?谢谢
政策应该是:
LBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref LBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: LZone
Effect: Allow
Action:
- 's3:AbortMultipartUpload'
- 's3:ListBucket'
- 's3:PutObject'
- 's3:GetObject'
- 's3:GetObjectVersion'
- 's3:PutObjectAcl'
Resource:
- !Sub "arn:aws:s3:::${LBucket}"
- !Sub "arn:aws:s3:::${LBucket}/*"
Principal:
AWS: arn:aws:iam::123:role/l-zone