I got an error in the AWS Transfer Family documentation fixed
I found an error in the AWS Transfer Family documentation, reported it, and they fixed it.
The following access policy was the target for correction. Can you spot the mistake?
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowListingOfUserFolder",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket_name"
      ]
    },
    {
      "Sid": "HomeDirObjectAccess",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetBucketLocation",
        "s3:GetObjectVersion",
        "s3:GetObjectACL",
        "s3:PutObjectACL"
      ],
      "Resource": "arn:aws:s3:::bucket_name/*"
    }
  ]
}
The answer is that the s3:GetBucketLocation action was specified for the arn:aws:s3:::bucket_name/* resource, which matches only the objects in the bucket. Since this action returns the region where the bucket is located, it must target the bucket resource itself (arn:aws:s3:::bucket_name).
Therefore, it was corrected as follows.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowListingOfUserFolder",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket_name"
      ]
    },
    {
      "Sid": "HomeDirObjectAccess",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetObjectVersion",
        "s3:GetObjectACL",
        "s3:PutObjectACL"
      ],
      "Resource": "arn:aws:s3:::bucket_name/*"
    }
  ]
}
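This kind of mistake can be caught mechanically. The following is an added example, not part of the original article or the AWS documentation: a small Python check that flags S3 actions whose statement has no Resource of the matching type. The function names and the partial action classification are assumptions made for illustration, and wildcard actions such as s3:* are not evaluated.

```python
# Partial classification, limited to actions relevant here (assumption: extend as needed).
BUCKET_ACTIONS = {"s3:listbucket", "s3:getbucketlocation"}
OBJECT_ACTIONS = {"s3:putobject", "s3:getobject", "s3:deleteobject",
                  "s3:deleteobjectversion", "s3:getobjectversion",
                  "s3:getobjectacl", "s3:putobjectacl"}
S3_PREFIX = "arn:aws:s3:::"

def as_list(value):
    return value if isinstance(value, list) else [value]

def resource_kinds(arn):
    """Return which S3 resource types ('bucket', 'object') an ARN pattern can match."""
    if arn == "*":
        return {"bucket", "object"}
    if not arn.startswith(S3_PREFIX):
        return set()
    rest = arn[len(S3_PREFIX):]
    if "/" in rest:
        return {"object"}
    # An IAM "*" can span "/", so "bucket*" may match object ARNs as well.
    return {"bucket", "object"} if "*" in rest else {"bucket"}

def find_mismatches(policy):
    """List (Sid, action, needed type) where no Resource in the statement fits the action."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        kinds = set()
        for arn in as_list(stmt.get("Resource", [])):
            kinds |= resource_kinds(arn)
        for action in as_list(stmt.get("Action", [])):
            name = action.lower()  # IAM action names are case-insensitive
            needed = ("bucket" if name in BUCKET_ACTIONS
                      else "object" if name in OBJECT_ACTIONS else None)
            if needed and needed not in kinds:
                findings.append((stmt.get("Sid"), action, needed))
    return findings

def sample_policy(fixed):
    """Constructed copy of the page's policy: before (False) or after (True) the fix."""
    bucket_acts = ["s3:ListBucket"]
    object_acts = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:DeleteObjectVersion",
                   "s3:GetObjectVersion", "s3:GetObjectACL", "s3:PutObjectACL"]
    (bucket_acts if fixed else object_acts).append("s3:GetBucketLocation")
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowListingOfUserFolder", "Effect": "Allow", "Action": bucket_acts,
         "Resource": ["arn:aws:s3:::bucket_name"]},
        {"Sid": "HomeDirObjectAccess", "Effect": "Allow", "Action": object_acts,
         "Resource": "arn:aws:s3:::bucket_name/*"}]}

if __name__ == "__main__":
    print(find_mismatches(sample_policy(False)))
    print(find_mismatches(sample_policy(True)))
```

A mismatch like this does not widen access; the action is simply never granted, which makes it easy to overlook when reviewing a policy by eye.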
By the way, I reported the error through the "Provide feedback" link at the bottom of the documentation page.

You can provide feedback from here
Looking back, it might have been better to send a pull request via GitHub so that a record of my contribution would remain. I'll try that if I get another chance.