AWS CloudFormation Rollback optimization guide as Expected for S3 Bucket Policy Updates
I'm performance testing and I'm working on a personal project and I'm currently working with a scenario with AWS CloudFormation where my stack is rolling back unexpectedly when I'm trying to update the policy of an existing S3 bucket. The stack update is meant to add a new `s3:PutObject` permission for a specific IAM role, but instead of applying the change, it rolls back, and I see the behavior message:

`UPDATE_FAILED: AWS::S3::BucketPolicy MyBucketPolicy Update failed because the bucket policy is invalid.`

I've double-checked the policy syntax, and it seems correct. Here's the relevant part of my CloudFormation template:

```yaml
Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: my-example-bucket
  MyBucketPolicy:
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref MyS3Bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - s3:PutObject
            Resource: !Sub 'arn:aws:s3:::${MyS3Bucket}/*'
            Principal:
              AWS: 'arn:aws:iam::123456789012:role/MyRole'
```

I verified that the IAM role has the correct permissions and the bucket itself exists. To troubleshoot, I tried applying the policy directly through the console, and it works without any issues. I also checked the CloudFormation logs, but there are no more details beyond the invalid policy behavior.

Is there something specific in the CloudFormation syntax or policy that could cause this rollback? Any insights would be appreciated!

My development environment is Linux. What am I doing wrong? My team is using YAML for this service. Any advice would be much appreciated.