I want to attach a File system policy to an AWS EFS (Elastic File System) named fs-01ab01ab01ab123. Essentially, this is the policy.

File system policy

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Mytest",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": [
                    "elasticfilesystem:ClientRootAccess",
                    "elasticfilesystem:ClientMount",
                    "elasticfilesystem:ClientWrite"
                ],
                "Resource": "arn:aws:elasticfilesystem:us-west-2:123412341234:file-system/fs-01ab01ab01ab123",
                "Condition": {
                    "Bool": {
                        "aws:SecureTransport": "true"
                    }
                }
            }
        ]
    }

Note the ARN of the resource in the policy; it's for the same resource (in this case, the EFS file system):

"Resource": "arn:aws:elasticfilesystem:us-west-2:123412341234:file-system/fs-01ab01ab01ab123"

My question is: is the resource ARN required to be specified in the policy attached to the resource, if it's the same resource? Or can we skip it in this case?

And whatever the answer to this question is, does it apply to all AWS resources? My question is specific to EFS, though.

Learner

1 Answer

Yes, it's required for all resource-based policies.

For example, for bucket policies you include the bucket name in the resource ARN:

"Resource": "arn:aws:s3:::BUCKET-NAME",

For SQS's resource-based policy you include the queue name:

"Resource": "arn:aws:sqs:us-east-2:444455556666:QUEUE-NAME"

For Lambda's resource-based policy it's a function name:

"Resource": "arn:aws:lambda:us-east-2:123456789012:function:FUNCTION-NAME",

The reason you do it is that if the Resource were automatically inferred, it could lead to problems. For example, in bucket policies, some permissions apply to specific objects and others only to buckets. So you have to be explicit about which exact resource your permissions should act on.

Marcin
  • Thanks Marcin. Also, I tried to add a policy to EFS without specifying the resource and it automatically inferred the same resource. Is that the behavior for all types of resources? – Learner Aug 29 '23 at 01:16
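As an added example (not code from the question or the answer), the script below shows the point the answer makes about explicit resources: it takes a resource-based policy plus the ARN of the resource it is about to be attached to and flags a missing Resource, a Resource that points at a different resource, and, for S3, an object-level action (such as s3:GetObject) that only lists the bucket ARN and therefore needs BUCKET-NAME/* as well. It also flags an Allow to Principal * that carries no Condition, since the EFS policy in the question relies on its aws:SecureTransport condition. The ARNs, the account IDs and the sample policies are constructed from the placeholders used on this page; the S3 action table is a small hand-picked subset, not the full mapping.

```python
# Added example: sanity-check a resource-based policy before attaching it.
# All ARNs and policies below are constructed from the placeholders on this page.

EFS_ARN = "arn:aws:elasticfilesystem:us-west-2:123412341234:file-system/fs-01ab01ab01ab123"
BUCKET_ARN = "arn:aws:s3:::BUCKET-NAME"

# Hand-picked subset of S3 actions by the level they operate on (not exhaustive).
S3_BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketPolicy", "s3:PutBucketPolicy"}
S3_OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def _as_list(value):
    """IAM allows a single string or a list in Action / Resource / Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """True for "Principal": "*" or "Principal": {"AWS": "*"}."""
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))
    )


def check_policy(policy, attached_arn):
    """Return a list of findings for the policy; an empty list means it passes."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        sid = stmt.get("Sid", f"Statement[{index}]")

        # 1. Every statement should say which resource it covers, even when the
        #    service would infer it: the intent is then visible in the policy.
        if "Resource" not in stmt and "NotResource" not in stmt:
            findings.append(f"{sid}: no Resource element; state {attached_arn} explicitly")
            continue
        resources = _as_list(stmt.get("Resource"))

        # 2. Each resource must be the attached resource or something under it.
        for res in resources:
            if res != attached_arn and not res.startswith(attached_arn + "/"):
                findings.append(f"{sid}: {res} is not {attached_arn} or a sub-resource of it")

        # 3. S3 only: bucket-level and object-level actions need different ARNs.
        if attached_arn.startswith("arn:aws:s3:::"):
            has_bucket = attached_arn in resources
            has_object = any(r.startswith(attached_arn + "/") for r in resources)
            for action in _as_list(stmt.get("Action")):
                if action in S3_OBJECT_ACTIONS and not has_object:
                    findings.append(f"{sid}: {action} needs an object ARN such as {attached_arn}/*")
                if action in S3_BUCKET_ACTIONS and not has_bucket:
                    findings.append(f"{sid}: {action} needs the bucket ARN {attached_arn}")

        # 4. An Allow for any principal with no Condition is open to everyone.
        if (stmt.get("Effect") == "Allow"
                and _is_public_principal(stmt.get("Principal"))
                and not stmt.get("Condition")):
            findings.append(f"{sid}: Allow for Principal * has no Condition")
    return findings


# The EFS policy from the question.
EFS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Mytest",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["elasticfilesystem:ClientRootAccess",
                   "elasticfilesystem:ClientMount",
                   "elasticfilesystem:ClientWrite"],
        "Resource": EFS_ARN,
        "Condition": {"Bool": {"aws:SecureTransport": "true"}},
    }],
}

# Same statement with the Resource element left out.
EFS_POLICY_NO_RESOURCE = {
    "Version": "2012-10-17",
    "Statement": [{k: v for k, v in EFS_POLICY["Statement"][0].items() if k != "Resource"}],
}

# Constructed bucket policy: GetObject listed against the bucket ARN only.
S3_POLICY_WRONG = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadBucket",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:root"},  # constructed account
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": BUCKET_ARN,
    }],
}

# Corrected version: bucket ARN for ListBucket, BUCKET-NAME/* for GetObject.
S3_POLICY_FIXED = {
    "Version": "2012-10-17",
    "Statement": [dict(S3_POLICY_WRONG["Statement"][0], Resource=[BUCKET_ARN, BUCKET_ARN + "/*"])],
}

if __name__ == "__main__":
    for name, policy, arn in [("efs", EFS_POLICY, EFS_ARN),
                              ("efs-no-resource", EFS_POLICY_NO_RESOURCE, EFS_ARN),
                              ("s3-wrong", S3_POLICY_WRONG, BUCKET_ARN),
                              ("s3-fixed", S3_POLICY_FIXED, BUCKET_ARN)]:
        print(name, check_policy(policy, arn) or "OK")
```

Running it reports the EFS policy from the question and the corrected bucket policy as clean, the EFS statement without a Resource as needing one, and the first bucket policy as needing BUCKET-NAME/* for s3:GetObject. The check is deliberately stricter than the services themselves: it asks for the ARN even where a service would fill it in, which is the explicitness the answer argues for.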