
I am trying to create policies using the Serverless Framework. The idea is to access S3 services depending on the user's company.

I tried to deploy my serverless.yaml with the policy:

    - PolicyName: IAM_AWS_S3
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: '*'
            Resource:
              - !Sub 'arn:aws:s3:${AWS::AccountId}-${aws:PrincipalTag/company}'
              - !Sub 'arn:aws:s3:${AWS::AccountId}-${aws:PrincipalTag/company}/*'

but I get this error:

CREATE_FAILED: AuthenticatedRole (AWS::IAM::Role) The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: da38iiii; Proxy: null)

So, here is my question: is it possible to create a policy before I have a user? Can PrincipalTag/company be null?

Thanks in advance

Meli

1 Answer


It is not possible to use PropertyTag for this issue because I needed to use it in DynamoDB too. I just create the policies through a Lambda.

Take into account these answers:

Meli
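An added example, not the asker's serverless.yml, that places the posted policy block beside a corrected one. It assumes the block sits under an AWS::IAM::Role's Policies in the resources section of serverless.yml and that buckets follow the `<account-id>-<company>` naming convention implied by the question.

```yaml
# Added example, not the asker's serverless.yml. Both blocks sit under an
# AWS::IAM::Role's Properties.Policies in the `resources:` section; block 2
# replaces block 1.
#
# 1) As posted. IAM rejects it with MalformedPolicyDocument because
#    "arn:aws:s3:<acct>-<company>" is not a valid S3 ARN (bucket ARNs are
#    arn:aws:s3:::<bucket>, with no region or account id) and, inside Fn::Sub,
#    "${aws:PrincipalTag/company}" is read as a template variable rather than
#    passed through to IAM. Action: '*' also grants far more than S3 access.
- PolicyName: IAM_AWS_S3
  PolicyDocument:
    Version: "2012-10-17"
    Statement:
      - Effect: Allow
        Action: '*'
        Resource:
          - !Sub 'arn:aws:s3:${AWS::AccountId}-${aws:PrincipalTag/company}'
          - !Sub 'arn:aws:s3:${AWS::AccountId}-${aws:PrincipalTag/company}/*'

# 2) Corrected. "${!aws:PrincipalTag/company}" is Fn::Sub's escape form and is
#    emitted literally as "${aws:PrincipalTag/company}", which IAM fills in from
#    the calling principal's tags at request time. The "<account-id>-<company>"
#    bucket naming convention is an assumption taken from the question. A
#    principal with no `company` tag leaves the variable unresolved, so the
#    Allow statement matches nothing: the policy can be created before any
#    tagged user exists and grants nothing until a tag is present.
- PolicyName: IAM_AWS_S3
  PolicyDocument:
    Version: "2012-10-17"
    Statement:
      - Sid: ListOwnCompanyBucket
        Effect: Allow
        Action: s3:ListBucket
        Resource:
          Fn::Sub: 'arn:aws:s3:::${AWS::AccountId}-${!aws:PrincipalTag/company}'
      - Sid: ReadWriteOwnCompanyObjects
        Effect: Allow
        Action:
          - s3:GetObject
          - s3:PutObject
        Resource:
          Fn::Sub: 'arn:aws:s3:::${AWS::AccountId}-${!aws:PrincipalTag/company}/*'
```

The long-form `Fn::Sub` in block 2 is equivalent to the `!Sub` short tag; the scoped actions replace the wildcard so the role can only list and read/write the bucket named after its own company tag.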