Question

The below code was generated by using the S3 policy generator. when I paste the code into the AWS S3 edit policy console it shows an error.

{
  "Id": "Policy1611491895768",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1611491893687",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::aws-landing-zone-configuration-756692330110-ap-south-1",
      "Principal": {
        "AWS": [
          "\"AWS\": \"arn:aws:iam::756692330110::user/aravindkumar.s@gmail.com\""
        ]
      }
    }
  ]
}

How do I overcome this error?

Answer 1

The issue is that GetObject is applicable only to bucket objects, not the bucket. To solve this make sure that  Resources should contain   /* at the end.
There is one more issue on your side that needs to be fixed. That is your Principle is not formatted right.
Updated policy:

  {
    "Version": "2012-10-17",
    "Id": "Policy1611491895768",
    "Statement": [
        {
            "Sid": "Stmt1611491893687",
            "Effect": "Allow",
            "Principal": {
                "AWS": ["arn:aws:iam::756692330110:user/aravindkumar.s@gmail.com"]
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::aws-landing-zone-configuration-756692330110-ap-south-1/*"
        }
    ]
  }

I hope this helps you.