putBucketPolicy Invalid principal in policy determine one or more

Question

[nodejs sdk, s3.putBucketPolicy, error handling]

Is there a way to determine (one or more) invalid arn's (invalid account numbers) from error object returned by S3 putBucketPolicy call? Error statusCode is 400 however, trying to figure out which set of principals are invalid.

To clarify further I am not looking for validating role, root ARN patterns. More like, one or more account number(s) thats not correct. Can we extract that from error object or else where?

score 0 · Answer 1 · answered Dec 08 '21 at 00:25

0

There are couple of ways to validate an arn:

Using organizations service
Using ARN as principal and apply a bucket policy for a dummy bucket. Let AWS SDK validate it for you, clean up afterwards.

answered Dec 08 '21 at 00:25

Jason B

21
7

putBucketPolicy Invalid principal in policy determine one or more

1 Answers1