
Terraform - Creating an AWS S3 Bucket Policy Error - MalformedPolicy: Unknown field version


I'm creating and working in a Terraform Project that creates an AWS S3 Bucket for use as a static website.

I have created a "Public Access Block" and added a further resource to create an "AWS S3 Bucket Policy" to Allow anyone public access to "GetObject" from the bucket/site.

Unfortunately when running a "terraform apply" command I receive an error:

Error: putting S3 Bucket (terraform-course-project-1-d4f420c9) Policy: operation error S3: PutBucketPolicy, https response error StatusCode: 400, RequestID: AN81J2DNCPWB9S2R, HostID: w93iACwvYDKdAv4a6ZyoYWf3u3TdFdQon+FrwvHb/qprNh27w7VMpSDS+Nry+Xa+XAttzJoQY4o237FHACL7Whd0qlhGNC16, api error MalformedPolicy: Unknown field version
│
│   with aws_s3_bucket_policy.static-website-public-read,
│   on s3.tf line 17, in resource "aws_s3_bucket_policy" "static-website-public-read":
│   17: resource "aws_s3_bucket_policy" "static-website-public-read" {

The code I'm using:

resource "random_id" "bucket_suffix" {
  byte_length = 4
}

resource "aws_s3_bucket" "static_website" {
  bucket = "terraform-project-s3-web-${random_id.bucket_suffix.hex}"
}

resource "aws_s3_bucket_public_access_block" "static_website" {
  bucket                  = aws_s3_bucket.static_website.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_policy" "static-website-public-read" {
  bucket = aws_s3_bucket.static_website.id

  policy = jsonencode({
    version = "2012-10-17"
    Statement = [
      {
        Sid       = "PublicReadGetObject"
        Effect    = "Allow"
        Principal = "*"
        Action    = "s3:GetObject"
        Resource  = "${aws_s3_bucket.static_website.arn}/*"
      }
    ]
  })
}

How do I get this policy to apply? I cannot find any information on the internet to explain the error, especially: "api error MalformedPolicy: Unknown field version".

I have read similar posts regarding the issue but found none for the "Unknown Field" error.


Solution

  • It is specifically saying:

    Unknown field version

    It is telling you the version field is unknown. I believe it is because the policy is case sensitive, and it should be Version with an uppercase V.

    Try comparing what you have to some examples in the official documentation.
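
Added example (not part of the original question or answer): the same configuration with the policy built by the `aws_iam_policy_document` data source, so Terraform generates the case-sensitive JSON keys (`Version`, `Statement`, ...) instead of relying on hand-typed ones. This goes beyond the one-letter fix in the answer; the data source name `public_read` and the `depends_on` line are assumptions added here.

```hcl
# Added example: same resources as in the question, with the policy document
# generated by a data source instead of a hand-written jsonencode() map.

resource "random_id" "bucket_suffix" {
  byte_length = 4
}

resource "aws_s3_bucket" "static_website" {
  bucket = "terraform-project-s3-web-${random_id.bucket_suffix.hex}"
}

resource "aws_s3_bucket_public_access_block" "static_website" {
  bucket                  = aws_s3_bucket.static_website.id
  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

# Terraform validates these argument names at plan time and renders the JSON
# with the casing S3 expects; "Version" defaults to "2012-10-17".
data "aws_iam_policy_document" "public_read" {
  statement {
    sid     = "PublicReadGetObject"
    effect  = "Allow"
    actions = ["s3:GetObject"]

    # type "*" with identifier "*" renders as "Principal": "*"
    principals {
      type        = "*"
      identifiers = ["*"]
    }

    resources = ["${aws_s3_bucket.static_website.arn}/*"]
  }
}

resource "aws_s3_bucket_policy" "static-website-public-read" {
  bucket = aws_s3_bucket.static_website.id
  policy = data.aws_iam_policy_document.public_read.json

  # Assumption (not from the post): apply the access-block settings first,
  # since S3 rejects a public policy while block_public_policy is in effect.
  depends_on = [aws_s3_bucket_public_access_block.static_website]
}
```

A misspelled or mis-cased argument in the data source (for example `Sid` instead of `sid`) fails during `terraform validate` or `terraform plan`, before any `PutBucketPolicy` call is made.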