Cloudformation Bucket Policy - “Statement is missing required element”

I have this S3 Bucket and Policy that I am deploying to CloudFormation.

Resources:
  ReportsBucket:
    Type: AWS::S3::Bucket

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ReportsBucket
      PolicyDocument:
        Id: ReportPolicy
        Version: "2012-10-17"
        Statement:
          - Sid: ReportBucketPolicyDoc
            Effect: Allow
            Action: "s3:*"
            Principal:
              AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
            Resource: !Join ['', ['arn:aws:s3:::', !Ref S3Bucket, '/*']]

It fails with,

UPDATE_ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack  {my stack name} The following resource(s) failed to create: [BucketPolicy].
CREATE_FAILED   AWS::S3::BucketPolicy   BucketPolicy    Statement is missing required element

What's wrong with my policy?

It has two problems:

Missing AWSTemplateFormatVersion on the first line (the required element)
Reference to S3Bucket that should be ReportsBucket

Updated version:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  ReportsBucket:
    Type: AWS::S3::Bucket

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ReportsBucket
      PolicyDocument:
        Id: ReportPolicy
        Version: "2012-10-17"
        Statement:
          - Sid: ReportBucketPolicyDoc
            Effect: Allow
            Action: "s3:*"
            Principal:
              AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]]
            Resource: !Join ['', ['arn:aws:s3:::', !Ref ReportsBucket, '/*']]

来源：https://stackoverflow.com/questions/46838980/cloudformation-bucket-policy-statement-is-missing-required-element

标签

amazon-web-services

amazon-s3

amazon-cloudformation

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!