Ryan states in his bucket policy lecture that if you don’t have the wild card symbol /* at the end the resource in the bucket policy, that you won’t be able to save the bucket policy, because you will get an error. However, that is not completely true. If you are allowing all actions and using the wild card for the Action,* then the / is not required at the end of the resource. However, IF you list specific actions for the Action field… like S3: GetObject, S3:PutObject, then you will need /*** at the end of your resource.
So if Actions = then / is not required at the end of the resource.
But if Actions = anything less than (like like S3: GetObject, S3:PutObject) than / is required at the end of the resource.
In the examine simulator, there is a question that reads:
You have added the following statement to your S3 bucket policy, to give a user access to all items in the bucket called mys3bucket: { "Effect": "Allow", "Action": *""**, "Resource":"arn:aws:s3:::myS3bucket" } However when you try to add the policy, you get the following error: Action does not apply to any resource(s) in statement. What do you need to do resolve this?
*To keep the answer the same and to enforce the concept of using / at the end of the resource, this should change to:**
You have added the following statement to your S3 bucket policy, to give a user access to all items in the bucket called mys3bucket: { "Effect": "Allow", "Action": "S3:GetObject", "S3:PutObject", "Resource":"arn:aws:s3:::myS3bucket" } However when you try to add the policy, you get the following error: Action does not apply to any resource(s) in statement. What do you need to do resolve this?
I’m not trying to knit pick, just wanted to help and give feedback. Personally, I think this is the best security course that I have come across!