. Advertisement .
..3..
. Advertisement .
..4..
A bucket is known as a storing container for objects in Amazon S3. Accordingly, any amount of objects can be stored in the S3 bucket. Moreover, you can contain over 100 buckets for your account. A bucket brings you a lot of functionalities.
There are options of access control provided by the S3 bucket which you can use for managing access to the resources in Amazon S3. Hence, if you perform any operation on a resource, it will need bucket permission. Then, sometimes you probably encounter the error “Action does not apply to any resources“. Let’s figure out how to resolve it in this article!
1. When Does the Error “Action Does Not Apply to Any Resources” Occur?
The error “Action does not apply to any resources” occurs when it identifies that you are trying to attach statements to a bucket policy, where there is no specified allowance for applying any action to the resource.
For example, you should apply the actions with the word Bucket included (GetBucketPolicy, ListBucket, GetBucketAcl) to the ARN bucket resource (arn:aws:s3:::my-bucket). You should apply the actions with the word object included (PutObject, GetObject, DeleteObject) to the resource within the bucket (arn:aws:s3:::my-bucket/*).
2. How to Solve the Error “Action Does not Apply to any Resources”?
To solve this error, replace the field of Resource with the ARN of the bucket for Bucket-specific actions and with the ARN within the bucket for Object-specific actions.
The GetObject and ListBucket actions are granted into 2 different policy statements by the below bucket policy because the Actions are put into different resources.
bucket-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Principal": {
"AWS": "arn:aws:iam::YOUR_ACCOUNT_NUMBER:user/YOUR_USERNAME"
},
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME"
}
]
}
Note: Ensure that the placeholder YOUR_BUCKET_NAME is replaced with your bucket name.
We have 2 policy statements in the bucket example:
- All users are allowed to perform the action GetObject (set the readable mode in public for the bucket). Keep in mind that users can apply the action GetObject in all resources within the bucket – arn:aws:s3:::YOUR_BUCKET_NAME/*.
- A certain IAM user is allowed to perform the action ListBucket. Keep in mind that only the bucket itself can apply the action ListBucket.
If you intend to have additional actions including Bucket such as ListBucketVersions or ListBucketMultipartUploads, the ARN as the plain bucket must be contained as a resource.
Whereas, if you intend to have additional actions including Object such as DeleteObject or PutObject, the Resource must be contained within the bucket.
Note: Simply, the error “Action does not apply to any resources” indicates that the Actions is not specified to apply to Resources by the IAM policy. Hence, to deal with this issue, we should fix the field of Resource in the policy.
You can easily identify the presence of the resource field by looking at the table of AWS S3 Actions. “ctrl + f” can be used for searching for certain action names and seeing their resource type. For instance, the ListBucket action contains the bucket as Resource type.
......... ADVERTISEMENT .........
..8..
Remember that the type of resource is the hyperlink. When clicking on it, you would see ARN that must be specified as a Resource in the statement of policy.
......... ADVERTISEMENT .........
..8..
In the above screenshot, the ARN displays the complete template of the Resource field for the ListBucket action. Then, you should change the placeholder ${Partition} by aws and the ${BucketName} by the bucket name.
Similarly, when looking at the action GetObject, you would see that the type of Resource is an object.
......... ADVERTISEMENT .........
..8..
When clicking on the hyperlink, the screen will display an expected template of ARN for the resource field.
......... ADVERTISEMENT .........
..8..
Note: Each AWS service contains a table that lists the resources, actions, and conditional keys. Those can be used while writing the IAM policies. This blog has shown you how to solve the error “Action does not apply to any resources” in S3. Besides, you can explore more posts on our website for more IT solutions.
Leave a comment