AWS BucketPolicy failed to create - Invalid policy syntax, MalformedPolicy
I am trying to create the following bucket policy in YAML, but the BucketPolicy fails to create. CloudFormation error message:
Invalid policy syntax. (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy; Request ID: CD4; S3 Extended Request ID: Noxxxx/sXX=; Proxy: null)
Bucket policy that needs to be implemented:
{
  "Version": "2012-10-17",
  "Id": "ig",
  "Statement": [
    {
      "Sid": "LZone",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123:role/l-zone"
      },
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:PutObjectAcl"
      ],
      "Resource": [
        "arn:aws:s3:::bucketname-l/*",
        "arn:aws:s3:::bucketname-l"
      ]
    }
  ]
}
This is the code in YAML for the above policy (not working):
LBucket:
  Type: AWS::S3::Bucket
  Properties:
    BucketName: !Sub bucketname-l
LBucketPolicy:
  Type: AWS::S3::BucketPolicy
  Properties:
    Bucket: !Ref LBucket
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Sid: LZone
          Effect: Allow
          Action:
            - 's3:AbortMultipartUpload'
            - 's3:ListBucket'
            - 's3:PutObject'
            - 's3:GetObject'
            - 's3:GetObjectVersion'
            - 's3:PutObjectAcl'
          Resource:
            Fn::Join:
              - ""
              -
                - "arn:aws:s3:::"
                -
                  Ref: "LBucket"
                - "/*"
          Principal: "AWS: arn:aws:iam::123:role/l-zone"
Can someone help me find what I am missing? Thanks.

The policy should be:
LBucketPolicy:
  Type: AWS::S3::BucketPolicy
  Properties:
    Bucket: !Ref LBucket
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Sid: LZone
          Effect: Allow
          Action:
            - 's3:AbortMultipartUpload'
            - 's3:ListBucket'
            - 's3:PutObject'
            - 's3:GetObject'
            - 's3:GetObjectVersion'
            - 's3:PutObjectAcl'
          Resource:
            - !Sub "arn:aws:s3:::${LBucket}"
            - !Sub "arn:aws:s3:::${LBucket}/*"
          Principal:
            AWS: arn:aws:iam::123:role/l-zone
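Thanks Marcin, I tried that earlier, but will try again. Thanks

@Harry No problem. This is the correct format of the policy. If it does not work, then there is some other issue that is not apparent from your question.

I had to remove the quotes around AWS: under Principal. Will mark as correct. Thanks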
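A pre-deploy check for the two differences between the question's template and the answer's (Principal written as one quoted string, and s3:ListBucket paired only with the `/*` resource), added here as an example and not part of the original thread. It assumes the policy has already been resolved to plain JSON (Ref/Sub/Join rendered); `lint_policy`, the action classification and the sample dicts are hypothetical names constructed for illustration.

```python
# Added example: lint a bucket policy after CloudFormation intrinsics are resolved.
PRINCIPAL_KEYS = {"AWS", "Service", "Federated", "CanonicalUser"}
BUCKET_ACTIONS = {"s3:ListBucket"}  # assumption: only the actions on this page are classified
ACTIONS = ["s3:AbortMultipartUpload", "s3:ListBucket", "s3:PutObject",
           "s3:GetObject", "s3:GetObjectVersion", "s3:PutObjectAcl"]

def as_list(value):
    """Policy elements may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def resource_kinds(resources):
    """Classify S3 ARNs as bucket-level (no key part) or object-level (bucket/key)."""
    kinds = set()
    for arn in resources:
        name = arn.split(":::", 1)[-1]
        kinds |= {"bucket", "object"} if name == "*" else {"object" if "/" in name else "bucket"}
    return kinds

def lint_statement(stmt):
    findings = []
    principal = stmt.get("Principal")
    if isinstance(principal, str) and principal != "*":
        # A quoted 'Principal: "AWS: arn:..."' in YAML is a single string, not a map.
        findings.append("Principal is a string; expected '*' or a map like {AWS: <arn>}")
    elif isinstance(principal, dict) and set(principal) - PRINCIPAL_KEYS:
        findings.append("Principal map has an unknown key")
    elif principal is None and "NotPrincipal" not in stmt:
        findings.append("statement has no Principal")
    kinds = resource_kinds(as_list(stmt.get("Resource", [])))
    for action in as_list(stmt.get("Action", [])):
        if "*" in action:
            continue  # wildcard actions are not classified here
        needed = "bucket" if action in BUCKET_ACTIONS else "object"
        if needed not in kinds:
            findings.append(f"{action} needs a {needed}-level ARN in Resource")
    return findings

def lint_policy(doc):
    return {s.get("Sid", f"#{i}"): lint_statement(s)
            for i, s in enumerate(as_list(doc["Statement"]))}

# Constructed samples: the question's template and the answer's, with Ref/Sub resolved.
ROLE = "arn:aws:iam::123:role/l-zone"
BROKEN = {"Statement": [{"Sid": "LZone", "Effect": "Allow", "Action": ACTIONS,
          "Resource": "arn:aws:s3:::bucketname-l/*", "Principal": "AWS: " + ROLE}]}
FIXED = {"Statement": [{"Sid": "LZone", "Effect": "Allow", "Action": ACTIONS,
         "Resource": ["arn:aws:s3:::bucketname-l", "arn:aws:s3:::bucketname-l/*"],
         "Principal": {"AWS": ROLE}}]}
```

Calling `lint_policy(BROKEN)` reports both findings for the `LZone` statement, while `lint_policy(FIXED)` returns an empty list for it.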