Update S3 Bucket Policy with CLI


In this post, let's see how to update a bucket policy with the CLI.

What is Bucket Policy?

A bucket policy grants permissions: it defines which actions a person or resource can perform.

💡 You can allow or deny a specific action.

Remember that in S3 you can't map IAM roles to a bucket; instead, you handle access with a bucket policy.

Generate Bucket Policy

Bucket Policy is written in JSON.

  • You can write your own JSON, but as always AWS makes our lives easy with its Policy Generator.


The generated bucket policy looks like the one below. Save it as a JSON file.

{
  "Id": "Policy1608325485178",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1608325481213",
      "Action": [
        "s3:PutBucketPolicy",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::tp123456/*",
      "Principal": "*"
    }
  ]
}

Use the command below to update the bucket policy:

$ aws s3api put-bucket-policy --bucket <<bucketname>> --policy file://<<filename>>.json

Troubleshooting

You may come across either of the two errors below.

Error 1:

An error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Policies must be valid JSON and the first byte must be '{'

In this scenario, check that you have used file:// at the beginning of the policy.json file path in the command.

Also check that the file directory is correct.

Error 2:

An error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Action does not apply to any resource(s) in statement

In this scenario, check that your resource has * in the policy.


Also, double-check that the JSON format is valid.

You can use a JSON validator.
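
Both MalformedPolicy causes from the Troubleshooting section can be checked locally before running put-bucket-policy. The following is an added example, not part of the original post and not AWS's own validator: lint_policy, BUCKET_LEVEL and the sample inputs are assumptions of this example. It also flags an Allow statement whose Principal is * with no Condition, since that grants the listed actions to anyone.

```python
import json

# Assumption for this example: a short, incomplete set of bucket-level S3
# actions; every other non-wildcard action is treated as object-level.
BUCKET_LEVEL = {"s3:PutBucketPolicy", "s3:GetBucketPolicy",
                "s3:DeleteBucketPolicy", "s3:ListBucket"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(text):
    """Return findings for the policy text exactly as the CLI would send it."""
    if not text.startswith("{"):
        return ["Error 1: first byte is not '{'"]
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"Error 1: not valid JSON ({exc.msg}, line {exc.lineno})"]
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        # An ARN with a key part (bucket/...) names objects; without it, the bucket.
        paths = [r.split(":::", 1)[-1] for r in as_list(stmt.get("Resource", []))]
        has_object_arn = any("/" in p for p in paths)
        has_bucket_arn = any("/" not in p for p in paths)
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                continue  # wildcard actions are outside this simple check
            if action in BUCKET_LEVEL and not has_bucket_arn:
                findings.append(f"Error 2: {sid}: {action} needs the bucket ARN")
            elif action not in BUCKET_LEVEL and not has_object_arn:
                findings.append(f"Error 2: {sid}: {action} needs an object ARN")
        principal = stmt.get("Principal")
        if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                and principal in ("*", {"AWS": "*"})):
            findings.append(f"Public: {sid}: Allow applies to any principal")
    return findings

# Constructed samples: the policy shown in this post, and a bare file name,
# which is what the CLI sends as the policy when file:// is left out.
POST_POLICY = """{"Id": "Policy1608325485178", "Version": "2012-10-17",
 "Statement": [{"Sid": "Stmt1608325481213",
   "Action": ["s3:PutBucketPolicy", "s3:PutObject"], "Effect": "Allow",
   "Resource": "arn:aws:s3:::tp123456/*", "Principal": "*"}]}"""

if __name__ == "__main__":
    for sample in ("policy.json", POST_POLICY):
        print(lint_policy(sample))
```

Run against the policy from this post, it reports that s3:PutBucketPolicy is paired only with an object ARN and that the statement is open to any principal.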

