Setting bucket policy

Drkstr · May 27, 2020, 2:47pm

I am having some trouble adding a policy to my s3 bucket. I keep getting this error

Error: The CloudFormation template is invalid: Invalid template property or properties [BucketPolicy]

Here is the policy I have

BucketPolicy:
  Type: AWS::S3::BucketPolicy
  Properties:
    PolicyDocument:
      Id: Policy1590589947784
      Version: '2012-10-17'
      Statement:
      - Sid: getObjectFromS3
        Action:
        - s3:GetObject
        Effect: Allow
        Resource: arn:aws:s3:::${self:provider.environment.S3_BUCKET}
        Principal: "*"

Questions:

How would I debug this, how can I tell what part of that is invalid
How do I set the bucket policy to allow for pre-signed URL downloads?

willc417 · May 27, 2020, 9:00pm

I think the error is in the Resource. I believe you need to use !Sub to substitute the variable into the arn. Try: !Sub “arn:aws:s3:::${self:provider.environment.S3_BUCKET}” (There’s other syntax for this as well, but it is the most straightforward for my use)
. I am also new to serverless, but in my experience it has been difficult to debug, so I have relied heavily on the Cloudformation Docs and trial and error.

Hope this helps!

Drkstr · May 28, 2020, 5:40pm

Yup, that worked.
Thanks man

Topic		Replies	Views
Error Code: MalformedPolicy; Serverless Framework aws , cloudformation	1	2330	June 22, 2020
Setting up S3 bucket policy Serverless Framework	2	4260	November 21, 2016
Trouble using GetAtt or Fn::Join in s3 bucket policy - An error occurred: MyBucketPolicy - Invalid bucket policy syntax Serverless Framework aws	1	2629	August 9, 2018
AWS::SNS::TopicPolicy - Invalid template resource property 'Topics' Serverless Framework aws	2	7817	September 3, 2019
An error occurred: BucketPolicy - Cannot modify S3 policy of a bucket in different region Serverless Framework aws	2	1551	April 2, 2019

Setting bucket policy

Related topics