I am trying to pass an array of buckets belonging to another AWS account, A, to a policy in account B. I am getting this error:
- Error: { Type: 'Sender', Code: 'MalformedPolicyDocument', Message: 'The policy failed legacy parsing', message: 'The policy failed legacy parsing' }, RequestId: '7e07b036-4c42-4b75-82d7-d5aec3d2475e', xmlns: 'https://iam.amazonaws.com/doc/2010-05-08/' }*
but the policy is created.
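// Builds an IAM policy document that allows S3 actions on the objects of the
// enterprise's base bucket plus ten numbered sibling buckets, then submits it
// with CreatePolicyCommand.
const bucketCustomName = settingsConstants.getEnterpriseConstants().enterpriseID;

// Resource list: the un-suffixed bucket first, then <name>-000 … <name>-009.
// NOTE(review): every ARN ends in "/*", so only objects are matched. Bucket-level
// actions such as s3:ListBucket apply to the bare bucket ARN
// (arn:aws:s3:::<bucket>), which is not listed here — confirm that is intended.
const bucketArr = [`arn:aws:s3:::${bucketCustomName}/*`];
for (let i = 0; i < 10; i++) {
  // Zero-pad the index to three digits. The original nested ternary had
  // branches for i >= 10 and i >= 100 that this loop can never reach.
  const suffix = String(i).padStart(3, '0');
  bucketArr.push(`arn:aws:s3:::${bucketCustomName}-${suffix}/*`);
}
console.log(bucketArr);

const policySpec = {
  Version: '2012-10-17',
  Statement: [
    {
      Sid: 'VisualEditor0',
      Effect: 'Allow',
      // NOTE(review): "s3:*" allows every S3 action on the listed resources,
      // including deletes. Prefer the specific actions the workload needs
      // (least privilege). Left unchanged because the required set is not
      // visible from this snippet.
      Action: 's3:*',
      Resource: bucketArr,
    },
  ],
};

// NOTE(review): if the buckets are owned by a different account than the one
// this policy is created in, this identity policy alone does not grant access.
// The bucket-owning account must also allow the principal, for example through
// a bucket policy. Verify that side separately.
const nonPrimaryBucketPolicy = {
  PolicyName: 'bucketPrimaryAccess',
  // IAM expects the policy document as a JSON string, not an object.
  PolicyDocument: JSON.stringify(policySpec),
};
const nonPrimaryBucketPolicyResponse = await iamManager.iamClient.send(
  new CreatePolicyCommand(nonPrimaryBucketPolicy),
);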
I have tried checking my JSON and have verified everything, but I am still getting the error. Is it due to the bucket ARNs belonging to a different account?