CodexBloom - Programming Q&A Platform

AWS CloudFormation Rollback Causing S3 Bucket Policy to Not Take Effect

👀 Views: 14 💬 Answers: 1 📅 Created: 2025-07-15
aws cloudformation s3 iam yaml

I just started working with this, and I've spent hours debugging it; I've been struggling with it for a few days now and could really use some help... I'm working with a scenario where my AWS CloudFormation stack is rolling back, and as a result, the S3 bucket policy isn't being applied as expected. I have a CloudFormation template that creates an S3 bucket and applies a policy that allows a specific IAM role to access it. However, when I try to deploy the stack, it fails and rolls back, leading to the policy not being set. Here's a snippet of my CloudFormation template for the S3 bucket and policy:

```yaml
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-bucket-name
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket:
        Ref: MyS3Bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: arn:aws:iam::123456789012:role/MyRole
            Action: s3:GetObject
            Resource: !Sub 'arn:aws:s3:::my-unique-bucket-name/*'
```

When I deploy this, I get the following behavior in the CloudFormation events:

```
Resource handler returned message: "Invalid bucket policy. See the details in CloudTrail Log: bucket policy is malformed."
```

I've double-checked the IAM role ARN and the bucket name to ensure they are correct, and I also verified that the S3 bucket does not already exist. I tried simplifying the policy to just allow public access to see if it would work, but the stack still rolls back. Moreover, I've enabled CloudTrail logging to track the API calls, but I can't find any additional insights as to why the policy would be considered malformed. I'm using the latest AWS CLI and CloudFormation version, and I've tried running the same deployment in multiple regions, but the scenario continues. Has anyone experienced a similar scenario with CloudFormation and S3 bucket policies? Any advice on how to debug this would be greatly appreciated. I'm working on a web app that needs to handle this.
Any help would be greatly appreciated! Any ideas what could be causing this? For reference, this is a production service. Has anyone else encountered this?
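One local check that can run before every deploy, added here as an example and not part of the original question: it walks the PolicyDocument from the template above (with the `!Sub` already resolved, since that `!Sub` uses no variables) and flags the shapes S3 is known to reject, such as a Resource that does not belong to the bucket the policy is attached to, a non-S3 action, a malformed AWS principal, or a Version that did not survive YAML parsing as a string. The ARN patterns are assumptions, a subset of IAM's grammar, not the full validation S3 performs.

```python
import re

# Assumed shapes for S3 bucket ARNs and AWS principals; a subset of IAM's grammar, enough for these checks.
BUCKET_ARN_RE = re.compile(r"^arn:aws[a-z-]*:s3:::([^/]+)(/.*)?$")
AWS_PRINCIPAL_RE = re.compile(r"^(\*|\d{12}|arn:aws[a-z-]*:(iam|sts)::\d{12}:\S+)$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def validate_bucket_policy(policy, bucket_name):
    problems = []  # one human-readable finding per rejected shape; empty means every check passed
    version = policy.get("Version")
    # A YAML 1.1 parser reads an unquoted 2012-10-17 as a date, so Version must arrive as a string.
    if not isinstance(version, str) or version not in ("2012-10-17", "2008-10-17"):
        problems.append(f"Version must be the string '2012-10-17', got {version!r}")
    statements = policy.get("Statement")
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement must be a non-empty list"]
    for i, st in enumerate(statements):
        where = f"Statement[{i}]"
        if st.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"{where}: Effect must be Allow or Deny, got {st.get('Effect')!r}")
        principal = st.get("Principal", st.get("NotPrincipal"))
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if principal is None:  # bucket policies are resource-based, so a Principal is mandatory
            problems.append(f"{where}: missing Principal")
        problems += [f"{where}: malformed AWS principal {v!r}" for v in aws
                     if not (isinstance(v, str) and AWS_PRINCIPAL_RE.match(v))]
        actions = _as_list(st.get("Action", st.get("NotAction", [])))
        problems += [f"{where}: {a!r} is not an s3: action" for a in actions
                     if not (isinstance(a, str) and (a == "*" or a.lower().startswith("s3:")))]
        resources = _as_list(st.get("Resource", st.get("NotResource", [])))
        if not actions or not resources:
            problems.append(f"{where}: Action and Resource are both required")
        # S3 rejects a policy whose Resource names a bucket other than the one it is attached to.
        for r in resources:
            m = BUCKET_ARN_RE.match(r) if isinstance(r, str) else None
            if m is None or m.group(1) != bucket_name:
                problems.append(f"{where}: Resource {r!r} is not in bucket {bucket_name!r}")
    return problems

# The PolicyDocument from the question, with its !Sub resolved (that !Sub uses no variables).
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/MyRole"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-unique-bucket-name/*"}]}

if __name__ == "__main__":
    print(validate_bucket_policy(QUESTION_POLICY, "my-unique-bucket-name"))
```

Run it against the rendered template before `aws cloudformation deploy`; an empty list means the document has none of the shapes this check knows S3 rejects, and a non-empty one points at the statement to look at.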