Certified Security - Specialty

Sign Up Free or Log In to participate!

excluding /* from bucket policy ARN doesn’t result in error

The video instructs us to include "/*" on the end of resource ARN to avoid error "Action does not apply to any resource(s) in statement". However, I’m not receiving an error if excluded. Is anyone experiencing this? Is the mention in the video still valid?


i did get the error without /*

1 Answers

I think it depends on what action you’re specifying.  If your action modifies an object within the bucket you need the /*, if it’s against the bucket itself it doesn’t appear to be needed.  If you have multiple actions affecting both the bucket and objects, it looks like both are needed. 


 "Action": [




I had to use both to apply the bucket policy without error.  

"Resource": [





Sorry about the formatting, hopefully the example makes sense. 🙂

Jon Searle

so the DeleteBucket needs the bucket url (with out he /), and the DeleteObject needs the object url (with the /). Is that correct?


Yep. Think of it as "/" is for the stuff IN the bucket, i.e. objects. So where your action is on an Object, you need the /. Note: "/*" is for ALL the objects in the bucket.

Security Consultant


Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?