Certified Security - Specialty


excluding /* from bucket policy ARN doesn’t result in error

The video instructs us to include "/*" on the end of resource ARN to avoid error "Action does not apply to any resource(s) in statement". However, I’m not receiving an error if excluded. Is anyone experiencing this? Is the mention in the video still valid?

Teo

i did get the error without /*

1 Answer

I think it depends on what action you’re specifying. If your action modifies an object within the bucket you need the /*, if it’s against the bucket itself it doesn’t appear to be needed. If you have multiple actions affecting both the bucket and objects, it looks like both are needed.

With

    "Action": [
        "s3:DeleteBucket",
        "s3:DeleteObject"
    ],

I had to use both to apply the bucket policy without error.

    "Resource": [
        "arn:aws:s3:::myrandombucketname-apd",
        "arn:aws:s3:::myrandombucketname-apd/*"
    ],

JdeL

Sorry about the formatting, hopefully the example makes sense. 🙂

Jon Searle

So the DeleteBucket needs the bucket URL (without the /), and the DeleteObject needs the object URL (with the /). Is that correct?

JWood

Yep. Think of it as "/" is for the stuff IN the bucket, i.e. objects. So where your action is on an Object, you need the /. Note: "/*" is for ALL the objects in the bucket.

Security Consultant

Fantastic!
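The thread above boils down to a single rule: bucket-level actions (such as s3:DeleteBucket) must be matched by the bucket ARN, object-level actions (such as s3:DeleteObject) by an object ARN ending in "/*", and a statement that mixes both needs both. The linter below is an added example, not code from the course or from any of the posters: it reads a bucket policy and reports each action whose Resource list contains no ARN of the scope that action needs, which is the condition behind the "Action does not apply to any resource(s) in statement" error the question mentions. The action table is a constructed, deliberately partial classification of S3 actions whose scope is known; a real tool would load the full list from the AWS service reference. The bucket name reuses the one from the answer; the three sample policies are constructed for the example.

```python
"""Lint S3 bucket-policy statements for bucket-vs-object ARN mismatches.

Added example for the discussion above; not the course's or the posters' code.
"""
import json

# Constructed, partial classification. Bucket actions apply to the bucket
# itself and need "arn:aws:s3:::bucket"; object actions apply to keys inside
# it and need "arn:aws:s3:::bucket/*" (or a narrower key pattern).
BUCKET_ACTIONS = {
    "s3:DeleteBucket", "s3:ListBucket", "s3:GetBucketPolicy",
    "s3:PutBucketPolicy", "s3:GetBucketLocation",
}
OBJECT_ACTIONS = {
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectAcl",
}

S3_ARN_PREFIX = "arn:aws:s3:::"


def arn_scope(resource):
    """Classify one Resource entry as 'any', 'bucket', 'object' or 'other'."""
    if resource == "*":
        return "any"
    if not resource.startswith(S3_ARN_PREFIX):
        return "other"  # not an S3 ARN; this linter makes no claim about it
    name = resource[len(S3_ARN_PREFIX):]
    # A "/" after the bucket name means a key (or key pattern): object scope.
    return "object" if "/" in name else "bucket"


def _as_list(value):
    """IAM allows a string, a dict (for Statement) or a list; normalise."""
    if isinstance(value, (str, dict)):
        return [value]
    return list(value)


def lint_statement(stmt):
    """Return findings for one Statement; an empty list means every
    classified action has a Resource of the scope it needs."""
    sid = stmt.get("Sid", "<no Sid>")
    if "NotAction" in stmt or "NotResource" in stmt:
        return [f"{sid}: NotAction/NotResource statements are not checked here"]
    scopes = {arn_scope(r) for r in _as_list(stmt.get("Resource", []))}
    findings = []
    for action in _as_list(stmt.get("Action", [])):
        if action in BUCKET_ACTIONS:
            needed = "bucket"
        elif action in OBJECT_ACTIONS:
            needed = "object"
        else:
            continue  # not in our table; no claim either way
        if needed not in scopes and "any" not in scopes:
            findings.append(
                f"{sid}: {action} needs a {needed}-level ARN "
                f"({'bucket/*' if needed == 'object' else 'bucket'}) but the "
                f"statement's Resource has only {sorted(scopes)}"
            )
    return findings


def lint_policy(policy_json):
    """Lint every statement of a policy document given as a JSON string."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        findings.extend(lint_statement(stmt))
    return findings


def _policy(actions, resources):
    """Build a constructed sample policy around the answer's bucket name."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Sample",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},  # placeholder account
            "Action": actions,
            "Resource": resources,
        }],
    })


BUCKET = "arn:aws:s3:::myrandombucketname-apd"
POLICY_BOTH = _policy(["s3:DeleteBucket", "s3:DeleteObject"], [BUCKET, BUCKET + "/*"])
POLICY_OBJECT_ON_BUCKET_ARN = _policy(["s3:DeleteBucket", "s3:DeleteObject"], [BUCKET])
POLICY_BUCKET_ON_OBJECT_ARN = _policy(["s3:DeleteBucket"], [BUCKET + "/*"])

if __name__ == "__main__":
    for name, doc in [("both", POLICY_BOTH),
                      ("object action, bucket ARN", POLICY_OBJECT_ON_BUCKET_ARN),
                      ("bucket action, object ARN", POLICY_BUCKET_ON_OBJECT_ARN)]:
        print(name, "->", lint_policy(doc) or "ok")
```

Running the file shows the answer's combined policy passing cleanly, while each of the two one-sided variants produces exactly one finding naming the action and the ARN form it lacks; the same check can be run before calling PutBucketPolicy so the mismatch is caught locally rather than as a rejected API call.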
