Malformed S3 policy

Hi all,
I’ve just taken over some Terraform automation and am attempting to configure an S3 bucket with various permissions.
I’m trying to add an additional policy that grants a pre-configured IAM role the relevant actions on the bucket.
I have created a policy before this one that works on adding another AWS user, but when I add this one and run the plan it succeeds; on apply it hangs on modifying, then errors with a MalformedPolicy, status code 400?

Any help would be appreciated.

policy = <<POLICY
{
  "Id": "name",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "name",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:ListBucketVersions",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::${local.s3_bucket_name}",
        "arn:aws:s3:::${local.s3_bucket_name}/*"
      ],
      "Principal": {
        "AWS": ["arn:aws:iam::awsaccountdetails:role/service-role/username"]
      }
    }
  ]
}
POLICY

Hi @mark-1234!

It sounds like the error you’re getting here is coming from the remote AWS API rather than from Terraform itself, but if you can share the full error message text exactly as printed by Terraform then I or someone else might have some ideas on how to respond to it.

Thanks!

Hi @apparentlymart

Thanks for the reply, I figured it out. I originally started the job of creating the bucket as a data source, and it was failing on that after I tried to add the additional bucket policy parameters.
When I changed it to a resource it worked.
Thanks for the reply.
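The resolution above, written out as an added example that is not code from the thread: a `data "aws_s3_bucket"` block is read-only, so the bucket has to be a managed resource before a policy can be attached to it. The grant from the original post is rebuilt with `aws_iam_policy_document` and `aws_s3_bucket_policy`, split so that bucket-level list actions apply to the bucket ARN and object-level read actions to `bucket/*`. The bucket name and the role ARN (including the 111122223333 account ID) are constructed placeholders.

```hcl
# Added example (not from the thread). Assumes a constructed bucket name and a
# placeholder role ARN; replace both with the real values from your environment.
locals {
  s3_bucket_name = "example-bucket-name"                                   # placeholder
  reader_role    = "arn:aws:iam::111122223333:role/service-role/username"  # placeholder account id
}

# The bucket must be a resource: a data source cannot carry a policy argument.
resource "aws_s3_bucket" "this" {
  bucket = local.s3_bucket_name
}

# Build the policy document in HCL. Actions are still plain strings and must keep
# the "service:Action" form; AWS rejects any other spelling as MalformedPolicy.
data "aws_iam_policy_document" "reader" {
  # Bucket-level actions are scoped to the bucket ARN only.
  statement {
    sid       = "ListBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket", "s3:ListBucketVersions"]
    resources = [aws_s3_bucket.this.arn]
    principals {
      type        = "AWS"
      identifiers = [local.reader_role]
    }
  }
  # Object-level actions are scoped to objects under the bucket only.
  statement {
    sid       = "ReadObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:GetObjectVersion"]
    resources = ["${aws_s3_bucket.this.arn}/*"]
    principals {
      type        = "AWS"
      identifiers = [local.reader_role]
    }
  }
}

# Attach the rendered JSON to the managed bucket. The rendered document appears
# in the plan output, so the statements can be reviewed before apply.
resource "aws_s3_bucket_policy" "reader" {
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.reader.json
}
```

Run `terraform validate` and `terraform plan` to inspect the rendered policy; AWS still validates action names and principal ARNs at apply time.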