Create AWS Policies-serverless framework

143 Views Asked by Meli At 04 July 2022 at 19:23

I am trying to create policies using serverless framework. The idea is to access S3 services, depending on the user's company.

I tried to deploy my serverless.yaml with the policy:

 - PolicyName: IAM_AWS_S3
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: Allow
                  Action: '*'
                  Resource: 
                    - !Sub 'arn:aws:s3:${AWS::AccountId}-${aws:PrincipalTag/company}'
                    - !Sub 'arn:aws:s3:${AWS::AccountId}-${aws:PrincipalTag/company}/*'

but I get this error:

CREATE_FAILED: AuthenticatedRole (AWS::IAM::Role) The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: da38iiii; Proxy: null)

So, here is my question, is it possible to create a policy before I have a user? can PrincipalTag/company be null?

Thanks in advance

Original Q&A

There are 1 best solutions below

Meli On 06 July 2022 at 12:36

It is not possible to use PropertyTag for this issue due to I needed to use it in DynamoDB too. I just create the policies through a Lambda.

Take into account these answers:

Create AWS Policies-serverless framework

There are 1 best solutions below

Related Questions in SERVERLESS

Related Questions in AWS-ACCESS-POLICY

Trending Questions

Popular # Hahtags

Popular Questions