Closed ajspetner closed 1 year ago
Hey @ajspetner, thank you for reaching out. On diving deeper into the behaviour, I was able to find the following.
`resources.s3AuthPublicPolicy.policyDocument.Statement` utilizes the following structure:
```
{
  Effect: 'Allow',
  Action: { 'Fn::Split': [Array] },
  Resource: [ [Object] ]
}
```
while `resources.s3AuthReadPolicy.policyDocument.statements` utilizes the following:
```
PolicyStatement {
  _action: [ 's3:GetObject' ],
  _notAction: [],
  _principal: {},
  _notPrincipal: {},
  _resource: [ '${Token[Fn::Join.1151]}' ],
  _notResource: [],
  _condition: {},
  _principals: [],
  _notPrincipals: [],
  sid: undefined,
  effect: 'Allow'
},
```
which expects an IAM document structure.
As a workaround, I was able to use the following to add the statement, which copies an existing policy statement and adds the required statements.
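```js
// Clone the first statement (keeping its PolicyStatement prototype) so the
// existing s3:GetObject statement is left unchanged.
const original = resources.s3AuthReadPolicy.policyDocument.statements[0];
const copy = Object.assign(Object.create(Object.getPrototypeOf(original)), original);
copy._action = ['s3:PutObject']; // arrays, matching the PolicyStatement dump
copy._resource = ['arn']; // 'arn' is the placeholder used in this comment
copy.effect = 'Allow';
resources.s3AuthReadPolicy.policyDocument.statements.push(copy);
```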
On a push, I was able to see the permission in the IAM policy on the AWS console. Additionally, we can try to utilize `amplify add custom` to utilize the IAM cdk library to create a Policy statement and add it to the existing bucket.
Hey @ajspetner, following up on this issue. Please do let us know if you require any assistance.
Closing due to inactivity
All other solutions don't work and this seems to be the current solution for now.
Hi, I'm running into this issue on @aws-amplify/cli==11.0.5 and @aws-amplify/cli-extensibility-helper==3.0.0. Is there any plan to make the types consistent? Or accept PRs to do so?
This issue is still happening. When I follow the docs, I get the `Statement is not iterable` error. (For reference, the docs I followed: https://docs.amplify.aws/cli/storage/override/.)
Building on a workaround above, I found something like this approach did not cause an error.
```js
resources.s3GuestReadPolicy.policyDocument.statements.push({
  Effect: "Allow",
  Action: "s3:GetObject",
  Resource: `${resources.s3Bucket.attrArn}/public/*`
})
```
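The two workarounds in this thread, combined into one shape-aware helper, as an added example that is not part of the thread or of Amplify's own code. `addAllowStatement`, `FakePolicyStatement`, the wildcard check, and the sample ARNs are assumptions made for illustration; the two document shapes are the ones dumped in the maintainer's comment.

```javascript
// Added example: shape-aware helper for Amplify storage override policies.
// FakePolicyStatement and the sample documents are constructed stand-ins that
// mirror the two dumps in this thread; they are not Amplify or CDK code.
class FakePolicyStatement {
  constructor(action, resource) {
    this._action = [action];
    this._resource = [resource];
    this.effect = 'Allow';
  }
}

// Hypothetical helper: append one Allow statement to either document shape.
function addAllowStatement(policyDocument, actions, resources) {
  // Refuse wildcards so an override cannot silently widen bucket access.
  const wild = (v) => typeof v === 'string' && (v === '*' || v.endsWith(':*'));
  if ([...actions, ...resources].some(wild)) throw new Error('wildcard refused');
  if (Array.isArray(policyDocument.Statement)) {
    // Raw IAM JSON shape (s3AuthPublicPolicy in the thread).
    policyDocument.Statement.push({ Effect: 'Allow', Action: actions, Resource: resources });
    return 'Statement';
  }
  const list = policyDocument.statements;
  if (Array.isArray(list) && list.length > 0) {
    // PolicyStatement shape (s3AuthReadPolicy): clone, never mutate element 0.
    const template = list[0];
    const clone = Object.assign(Object.create(Object.getPrototypeOf(template)), template);
    clone._action = [...actions];
    clone._resource = [...resources];
    clone.effect = 'Allow';
    list.push(clone);
    return 'statements';
  }
  throw new Error('unrecognised policy document shape');
}

// Constructed sample documents, one per shape.
function demo() {
  const publicDoc = { Statement: [{ Effect: 'Allow', Action: ['s3:GetObject'], Resource: ['arn:aws:s3:::example-bucket/public/*'] }] };
  const readDoc = { statements: [new FakePolicyStatement('s3:GetObject', 'arn:aws:s3:::example-bucket/protected/*')] };
  const arn = 'arn:aws:s3:::example-bucket/uploads/*';
  return {
    a: addAllowStatement(publicDoc, ['s3:PutObject'], [arn]),
    b: addAllowStatement(readDoc, ['s3:PutObject'], [arn]),
    publicDoc,
    readDoc,
  };
}
```

Because the second branch clones rather than mutates, the original `s3:GetObject` statement keeps its action and resource after the new statement is pushed.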
I can override s3AuthPublicPolicy with the following:
However, when I try doing the same for s3AuthReadPolicy, I get the following message:
🛑 Error: Skipping override due to TypeError: resources.s3AuthReadPolicy.policyDocument.Statement is not iterable
When I do `console.log(resources.s3AuthReadPolicy.policyDocument.Statement)`, I get `undefined`. However, if I do `console.log(JSON.stringify(resources.s3AuthReadPolicy.policyDocument))`, I do see the `Statement` object in the JSON.