
How do I create an AWS Access Point Policy, without getting "Error Policy has invalid resource"?

Using

$ aws s3 mb s3://freds-321-pizza
make_bucket: freds-321-pizza

to successfully create a bucket. Using AWS Console

  1. create access point, name - freds-access-point
  2. check internet box
  3. "block all public access" - tried with this on and off
  4. ARN - created arn:aws:s3:us-east-1:************:accesspoint/freds-access-point
  5. Submit "Create Access Point"
  6. Successfully created access point: freds-access-point

Go back into Access Point and Edit Policy, as follows;

{ 
   "Version": "2012-10-17", 
   "Statement": [ 
     { 
       "Action": ["s3:GetObject","s3:PutObject"], 
       "Effect": "Allow", 
       "Principal": {"AWS": ["*"]}, 
       "Resource": ["arn:aws:s3:::freds-321-pizza/*"] 
     } 
   ] 
 }

Getting "Error Policy has invalid resource", please help?

Note: AWS CLI; --doesn't work

aws s3control get-access-point --name freds-access-point --account-id ************

Will update when I find the right command.

chris-j asked Jan 30 '26 10:01


1 Answer

This is because you're giving the S3 Bucket ARN, not the actual resources you want to attach to the policy. Objects within the S3 are the actual resources you look for.

Your Resource should look something like this:

"Resource": "arn:aws:s3:zone:account_ID:accesspoint/access-point-name/object/*"

/object/

Hope this was helpful!

Dragos Cojocaru answered Feb 02 '26 00:02
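A pre-flight check for the ARN format described in the answer above, as an added example that is not part of the original post: it flags every `Resource` in a policy that is neither the access point ARN nor an `/object/` path under it, and rewrites bucket object ARNs into that form. The account ID `111122223333` is a constructed placeholder (the question masks the real one), and the function names are hypothetical.

```python
import json
import re

# Constructed placeholder: the question masks the account ID, so a dummy one is used.
ACCESS_POINT_ARN = "arn:aws:s3:us-east-1:111122223333:accesspoint/freds-access-point"
QUESTION_POLICY = {  # the policy from the question
    "Version": "2012-10-17",
    "Statement": [{
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Effect": "Allow",
        "Principal": {"AWS": ["*"]},
        "Resource": ["arn:aws:s3:::freds-321-pizza/*"],
    }],
}
BUCKET_OBJECT_RE = re.compile(r"^arn:aws[\w-]*:s3:::[^/]+/(?P<key>.+)$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_resources(policy, ap_arn):
    """List (statement index, resource, problem) for each Resource that does not
    name the access point itself or an object reached through it."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        for res in as_list(stmt.get("Resource", [])):
            if res == ap_arn or res.startswith(ap_arn + "/object/"):
                continue
            if re.match(r"^arn:aws[\w-]*:s3:::", res):
                problem = "bucket ARN, not an access point ARN"
            elif res.startswith(ap_arn + "/"):
                problem = "missing /object/ segment before the key"
            else:
                problem = "does not belong to this access point"
            findings.append((i, res, problem))
    return findings

def rewrite_resources(policy, ap_arn):
    """Return a copy with bucket object ARNs mapped to <ap_arn>/object/<key>."""
    fixed = json.loads(json.dumps(policy))  # deep copy, input left untouched
    for stmt in as_list(fixed["Statement"]):
        stmt["Resource"] = [
            BUCKET_OBJECT_RE.sub(lambda m: f"{ap_arn}/object/{m.group('key')}", res)
            for res in as_list(stmt.get("Resource", []))
        ]
    return fixed

if __name__ == "__main__":
    print(check_resources(QUESTION_POLICY, ACCESS_POINT_ARN))
    print(json.dumps(rewrite_resources(QUESTION_POLICY, ACCESS_POINT_ARN), indent=2))
```

The rewrite only changes the ARN form; whether the resulting key pattern and principal match the access you intend to grant still needs review before the policy is attached.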


