AWS Policy must contain valid version string

81
votes

I am getting error "This policy contains the following error: The policy must contain a valid version string For more information about the IAM policy grammar" even i included version in my policy when trying to create a new policy in AWS. My policy is

{
  "Version": "2015-06-19",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::repo.com",
        "arn:aws:s3:::repo.com/*"
      ]
    }
  ]
}
3
amazon-web-servicesamazon-s3

3 Answers

128
votes

It seems like Version is not the version of the policy that I am going to create but a set version number by AWS.

As stated by AWS documentation, version can be:

( version_block = "Version" : ("2008-10-17" | "2012-10-17")

So, I changed it to 2012-10-17 and the policy is accepted.

48
votes

According to https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Version:

“The Version element must appear before the Statement element. The only allowed values are these:

  • 2012-10-17. This is the current version of the policy language, and you should use this version number for all policies.
  • 2008-10-17. This was an earlier version of the policy language. You might see this version on existing policies. Do not use this version for any new policies or any existing policies that you are updating.”
4
votes

You can also generate your own policy using generate policy option that you can find in the bottom of Bucket Policy tab

enter image description here

When you click on this option you will be redirected to below-mentioned URL:

https://awspolicygen.s3.amazonaws.com/policygen.html