Menu
I wanted to provide public access to all files in my bucket. Several SO answers including this popular one indicated that I should create a policy.
So I went and copy pasted and edited the resource name and version date, but I get an error
Document is invalid: Invalid Version 2014-05-02 - undefined
I went and looked at the documentation (note that it says "latest") and the example given is
{
"Version":"2012-10-17",
"Statement":[{
"Sid":"PublicReadGetObject",
"Effect":"Allow",
"Principal": {
"AWS": "*"
},
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::example-bucket/*"
]
}
]
}
I took that, updated the resource name, and tried again. Still didn't work: version doesn't exist.
I then notice a link that says "AWS policy generator" in the corner of the dialog. I filled in the details, hit "generate", and got something like this
{
"Id": "Policy1399047197120",
"Statement": [
{
"Sid": "Stmt1399047194777",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::mybucketname/*",
"Principal": {
"AWS": [
"AWS"
]
}
}
]
}
And it worked! Great, so it looks like they've decided to drop the "version" option, except all of the examples I've seen on SO and in their examples include this "version" option.
The version is not important to me, but is this a known change?
323
Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.
Go to AWS Console https://console.aws.amazon.com/s3. Select your S3 bucket. Select the Properties tab. The Versioning status will be shown in the Versioning section.
If you're denied permissions, then use another IAM identity that has bucket access, and edit the bucket policy. Or, delete and recreate the bucket policy if no one has access to it. If you're trying to add a public read policy, then disable the bucket's S3 Block Public Access.
2012-10-17 from the examples is a static, constant, literal date expression, specifying the version of IAM policy language your policy statement uses -- not your policy statement's revision date.
There are only two possible values that you can use here, as of now: 2012-10-17 and 2008-10-17. If you don't specify, it's assumed that you're using the older version, which has a more limited functionality. Any other value represents a version of IAM policy language that doesn't exist, and is not valid for that reason.
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_ElementDescriptions.html#Version
110
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
