Aws-cli: Policies must be valid JSON and the first byte must be '{'

Created on 19 Aug 2017  ·  3Comments  ·  Source: aws/aws-cli

Hello. I have seen this error in a few issues, and I must be tired. It is not obvious to me what the solution should be. I am trying to upload a bucket policy and getting a JSON error. I then downloaded (used UI to enter and it worked fine)/uploaded and get the same error. Any suggestion on how to use the tool to upload this? Keep up the good work!

$ aws s3api get-bucket-policy --bucket cloud-1-$NAME > student-1-bucket.manual.json
$ aws s3api put-bucket-policy --bucket cloud-1-$NAME --policy student-1-bucket.manual.json 

An error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Policies must be valid JSON and the first byte must be '{'
$ cat student-1-bucket.manual.json 
{
    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"ExampleStatement1\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::934017622331:user/student-1-cloud\"},\"Action\":\"*\",\"Resource\":\"arn:aws:s3:::cloud-1-14604\"}]}"
}
$

Most helpful comment

--policy normally accepts a JSON string, which it thinks your filename is actually the JSON document you want to use. For doing it with files, you'll need to utilize the file:// protocol like so:

aws s3api put-bucket-policy --bucket cloud-1-$NAME --policy file://student-1-bucket.manual.json

Note I don't have access to your environment, so if the file:// bit fails you may want to provide it with the absolute path to student-1-bucket.manual.json instead.

All 3 comments

--policy normally accepts a JSON string, which it thinks your filename is actually the JSON document you want to use. For doing it with files, you'll need to utilize the file:// protocol like so:

aws s3api put-bucket-policy --bucket cloud-1-$NAME --policy file://student-1-bucket.manual.json

Note I don't have access to your environment, so if the file:// bit fails you may want to provide it with the absolute path to student-1-bucket.manual.json instead.

@cwgem you are totally correct! Thank you.

Specification:

aws s3api put-bucket-policy \
--bucket $BucketName \ 
--policy file://$PathToPolicy/bucketpolicy.json

For example:

aws s3api put-bucket-policy \
--bucket firstbucket.mydomain.com \
--policy file:///Users/Andy/Desktop/bucketpolicy.json
Was this page helpful?
0 / 5 - 0 ratings