- I have a destination AWS S3 bucket in London (eu-west-2) AZ
- My bucket has ACLs enabled
- Everyone can list, read and write on my AWS S3 Bucket
- I did not block public access
- Regarding the Bucket Policy, I am allowing S3 GetObject, S3 PutObject and S3 DeleteObject (I am aware that this is not a good practice, but it's my 1st exercise on AWS)
- I've read this Stack Overflow post on How to Configure Access Point Policy for Listing Objects Within a Folder
- Unfortunately I still have some questions.
SOURCE ACCOUNT ACCESS POINT INFO :
AWS Region: Europe (Ireland) eu-west-1
Network origin: Internet
JSON Policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:ListBucket",
      "Resource": "YYYXZZZ"
    }
  ]
}
```
Questions
- On the destination S3 Bucket Access Point, I do need to write the source access point.
- And vice-versa -> On the source S3 Bucket Access Point, I do need to write the destination access point.
Q: Am I correct about the 2 statements/questions above?
From the YouTube videos I've seen and questioning DeepSeek I thought that I was doing nothing wrong.
But I got an AWS API error:
Invalid Access Point Policy. Update the access point policy and try again.
The detail of the error says:
API response Policy has invalid resource
Q: Why does my destination source access point consider the source access point an invalid resource?
Thank you a lot.
Asked 2 days ago by MANUEL SILVA; edited yesterday by John Rotenstein.

1 Answer
By now I'm pretty sure that all my statements above are incorrect:
The Resource field in an Access Point Policy must reference an ARN for the objects it controls, not the object we want to send data to or receive data from. I think that the policy references itself. What a silly question...
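The point made in the answer, as an added example (not code from the original post or from AWS): a local pre-check that flags any `Resource` in an access point policy that is not the access point's own ARN or objects addressed through it, and also reports `Allow` statements with a wildcard principal. The account ID, access point names and function names are made up for the illustration; the authoritative validation is the one the S3 API performs.

```python
import re

# Access point ARN shape: arn:<partition>:s3:<region>:<account-id>:accesspoint/<name>
AP_ARN = re.compile(
    r"^arn:aws[a-z-]*:s3:[a-z0-9-]+:\d{12}:accesspoint/[a-z0-9-]{3,50}$"
)


def _as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_access_point_policy(policy, own_arn):
    """Return (statement index, value, reason) findings for one access point policy."""
    if not AP_ARN.match(own_arn):
        raise ValueError(f"not an access point ARN: {own_arn}")
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        for res in _as_list(stmt.get("Resource", [])):
            # Accepted: the access point itself, or objects addressed through it.
            if res == own_arn or res.startswith(own_arn + "/object/"):
                continue
            findings.append((i, res, "resource is not this access point"))
        # Hygiene check added for this example: Allow open to every principal.
        if stmt.get("Effect") == "Allow" and stmt.get("Principal") in ("*", {"AWS": "*"}):
            findings.append((i, "*", "wildcard principal"))
    return findings


# Constructed sample values: placeholder account ID and access point names.
SOURCE_AP = "arn:aws:s3:eu-west-1:111122223333:accesspoint/source-ap"
DEST_AP = "arn:aws:s3:eu-west-2:111122223333:accesspoint/dest-ap"


def list_policy(resource, principal="*"):
    """Build a policy shaped like the one in the question."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": principal,
                       "Action": "s3:ListBucket", "Resource": resource}],
    }


if __name__ == "__main__":
    # The policy is attached to SOURCE_AP but names the other access point.
    for finding in check_access_point_policy(list_policy(DEST_AP), SOURCE_AP):
        print(finding)
```
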