It seems like `Version` is not the version of the policy that I am going to create but a set version number by AWS.

As stated by AWS documentation, version can be:

```
( version_block = &quot;Version&quot; : (&quot;2008-10-17&quot; | &quot;2012-10-17&quot;)
```

So, I changed it to `2012-10-17` and the policy is accepted.

According to https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Version:

“The Version element must appear before the Statement element. The only allowed values are these:

 - `2012-10-17`. This is the current version of the policy language, and you should use this version number for all policies.
 - `2008-10-17`. This was an earlier version of the policy language. You might see this version on existing policies. Do not use this version for any new policies or any existing policies that you are updating.”

You can also generate your own policy using generate policy option that you can find in the bottom of Bucket Policy tab

[![enter image description here][1]][1]


  [1]: https://i.stack.imgur.com/xbBhG.png

When you click on this option you will be redirected to below-mentioned URL:

    https://awspolicygen.s3.amazonaws.com/policygen.html

I got this error using the Serverless framework.

I had `Version: 2012-10-17` which was getting transformed to `&quot;Version&quot;: &quot;2012-10-17T00:00:00.000Z&quot;`

`Version: &quot;2012-10-17&quot;` fixed it.

[![enter image description here][1]][1]
I searched around the net and the solutions are too complicated. Is there any easy way to get rid of the &quot;Welcome Guide&quot; Screen?


  [1]: https://i.stack.imgur.com/HRxyT.png

How to get rid of Atom&#39;s Welcome screen

I&#39;m debugging some code at the moment, and I&#39;ve come across this line:

    for (std::size_t j = M; j &lt;= M; --j)

(Written by my boss, who&#39;s on holiday.)

It looks really odd to me.

What does it do? To me, it looks like an infinite loop.



A &#39;for&#39; loop that appears to be practically infinite

I am getting error &quot;This policy contains the following error: The policy must contain a valid version string For more information about the IAM policy grammar&quot;  even i included version in my policy when trying to create a new policy in AWS. My policy is

    {
      &quot;Version&quot;: &quot;2015-06-19&quot;,
      &quot;Statement&quot;: [
        {
          &quot;Effect&quot;: &quot;Allow&quot;,
          &quot;Action&quot;: &quot;s3:*&quot;,
          &quot;Resource&quot;: [
            &quot;arn:aws:s3:::repo.com&quot;,
            &quot;arn:aws:s3:::repo.com/*&quot;
          ]
        }
      ]
    }

AWS Policy must contain valid version string

I am getting error "This policy contains the following error: The policy must contain a valid version string For more information about the IAM policy grammar" even i included version in my policy when trying to create a new policy in AWS. My policy is
<pre><code class="hljs language-json">{
 "Version": "2015-06-19",
 "Statement": [
 {
 "Effect": "Allow",
 "Action": "s3:*",
 "Resource": [
 "arn:aws:s3:::repo.com",
 "arn:aws:s3:::repo.com/*"
 ]
 }
 ]
}
</code></pre>

I am getting an error when calling to `assume role` method of STS. It says that the user is not authorized to perform `sts:AsumeRole` on resource `xxx`.

I did the following:

 1. I created a role to access to S3 bucket.
 2. I ran a test over policy simulator and works fine
 3. I created a new group, and in it, i created a new policy that
    enables all sts actions, over all resources.
 4. I ran a test with the policy simulator, to sts assume role, pointing
    to the ARN of role created at step one; and it works fine
 5. I created a new user, and put it in group created at step 3
 6. With the credentials of the new user, i try to get a new credentials
    using sts asume role, but throw me an error that say my user is not
    authorized to perform sts:AssumeRole

What am I doing wrong?

Policy in Group

    {
        &quot;Version&quot;: &quot;2012-10-17&quot;,
        &quot;Statement&quot;: [
            {
                &quot;Sid&quot;: &quot;some-large-id&quot;,
                &quot;Effect&quot;: &quot;Allow&quot;,
                &quot;Action&quot;: [
                    &quot;sts:*&quot;
                ],
                &quot;Resource&quot;: [
                    &quot;*&quot;
                ]
            }
        ]
    }

Policy in role

    {
        &quot;Version&quot;: &quot;2012-10-17&quot;,
        &quot;Statement&quot;: [
            {
                &quot;Sid&quot;: &quot;another-large-id&quot;,
                &quot;Effect&quot;: &quot;Allow&quot;,
                &quot;Action&quot;: [
                    &quot;s3:PutObject&quot;
                ],
                &quot;Resource&quot;: [
                    &quot;arn:aws:s3:::my-bucket-name/*&quot;
                ]
            }
        ]
    }

And finally calling like this

    let policy = {
    	&quot;Version&quot;: &quot;2012-10-17&quot;,
    	&quot;Statement&quot;: [
    		{
    			&quot;Sid&quot;: &quot;new-custom-id&quot;,
    			&quot;Effect&quot;: &quot;Allow&quot;,
    			&quot;Action&quot;: [&quot;s3:PutObject&quot;],
    			&quot;Resource&quot;: [&quot;arn:aws:s3:::my-bucket-name/*&quot;]
    		}
    	]
    };
    
    let params = {
    	DurationSeconds: 3600, 
    	ExternalId: &#39;some-value&#39;, 
    	Policy: JSON.stringify(policy), 
    	RoleArn: &quot;arn:aws:iam::NUMBER:role/ROLE-NAME&quot;, //Cheked, role is the same that step one
    	RoleSessionName: this.makeNewSessionId()
    };
    let sts = new AWS.STS({ apiVersion: &#39;2012-08-10&#39; });
    
    sts.assumeRole(params, (err, data) =&gt; {
    	if(err) console.log(err);
    	else console.log(data);
    });

How enable access to AWS STS AssumeRole

I&#39;m trying to push a docker image to the AWS ECR repository using the aws-cli.

 - I just run the `get-login` command
 - execute the output (which returns `login succeeded`) 
 - then try to push a docker image then I get the
   message:  
`denied: Your Authorization Token has expired. Please run
   &#39;aws ecr get-login&#39; to fetch a new one.`

I don&#39;t know whats going wrong,  I&#39;m pushing to the right repo, the time on my mac is correct. 
This was working before, but since I reinstalled my mac and upgraded to macOS Sierra it&#39;s not working anymore, so probably related to that.

My `aws --version` output:

`aws-cli/1.11.34 Python/2.7.10 Darwin/16.3.0 botocore/1.4.91`

The complete output of the commands I run:

    $ aws ecr get-login --region eu-west-1
    docker login -u AWS -p AQECAHh....b6Wk -e none https://1234567890.dkr.ecr.eu-west-1.amazonaws.com
    $ docker login -u AWS -p AQECAHh....b6Wk -e none https://1234567890.dkr.ecr.eu-west-1.amazonaws.com
    Flag --email has been deprecated, will be removed in 1.13.
    Login Succeeded
    $ docker push 1234567890.dkr.ecr.eu-west-1.amazonaws.com/service-web:latest
    The push refers to a repository [1234567890.dkr.ecr.eu-west-1.amazonaws.com/service-web]
    c1f87971dfa9: Preparing 
    2eb644aea3de: Preparing 
    9c8843ffe48e: Preparing 
    39bb58d049d4: Preparing 
    f053bc969599: Preparing 
    7169084246b8: Waiting 
    bb134a1936fd: Waiting 
    184e76848a1c: Waiting 
    75c8fcf65748: Waiting 
    eb9b9ee1ea58: Waiting 
    f4bf35723edd: Waiting 
    ddffe1a64b3c: Waiting 
    fd1a1154db16: Waiting 
    b542e946067a: Waiting 
    d49ed2a5e1ed: Waiting 
    bb39b980367a: Waiting 
    25b8358d062f: Waiting 
    997eee521fc7: Waiting 
    50b5447183a8: Waiting 
    4339b5cb0e1d: Waiting 
    3dbd4a53b21b: Waiting 
    2bec16216500: Waiting 
    b9fd8e264df6: Waiting 
    b6ca02dfe5e6: Waiting 
    denied: Your Authorization Token has expired. Please run &#39;aws ecr get-login&#39; to fetch a new one.



`Authorization Token has expired` issue AWS-CLI on MacOS Sierra

I am using a JSON structure to store details of a person. Basically name, phone, registeredTimestamp etc., will be other attributes, and Primary key will be the email address.

markedLocations, visitedLocations, searchHistory and recommendation are the lists or Map as AWS calls it. It will contain many JSON objects.

JSON Structure-

    {
    	&quot;name&quot;:&quot;Mama Miya&quot;,
    	&quot;phone&quot;:&quot;9383883223&quot;,
    	&quot;registeredTimestamp&quot;:&quot;some-time&quot;,
    	&quot;lastActiveTimestamp&quot;:&quot;some-time&quot;,
    	&quot;signinType&quot;:&quot;facebook&quot;,
    	&quot;additionalSigninData&quot;:{
    		&quot;key1&quot;:&quot;value1&quot;,
    		&quot;key2&quot;:&quot;value2&quot;
    	},
    	&quot;markedLocations&quot;:[
    		{
    			&quot;latitude&quot;:&quot;77.33&quot;,
    			&quot;longitude&quot;:&quot;12.33&quot;,
    			&quot;name&quot;:&quot;Home&quot;,
    			&quot;description&quot;:&quot;my new home&quot;,
    			&quot;placeid&quot;:&quot;55334433&quot;,
    			&quot;image&quot;:&quot;url/abc.png&quot;
    		}
    	]
    }



From the app, if the user visits a new location, I need to add a new JSON Object to the *markedLocations*.
So the markedLocations should look something like-

    &quot;markedLocations&quot;:[
		{
			&quot;latitude&quot;:&quot;77.33&quot;,
			&quot;longitude&quot;:&quot;12.33&quot;,
			&quot;name&quot;:&quot;Home&quot;,
			&quot;description&quot;:&quot;my new home&quot;,
			&quot;placeid&quot;:&quot;55334433&quot;,
			&quot;image&quot;:&quot;url/abc.png&quot;
		},{
			&quot;latitude&quot;:&quot;22.11&quot;,
			&quot;longitude&quot;:&quot;22.55&quot;,
			&quot;name&quot;:&quot;Ocean&quot;,
			&quot;description&quot;:&quot;Ocean&quot;,
			&quot;placeid&quot;:&quot;32423423&quot;,
			&quot;image&quot;:&quot;url/icean.png&quot;
		}
	]

Code/Schema-

    var item = {
            &#39;email&#39;: {&#39;S&#39;: req.body.email},
            &#39;phone&#39;: {&#39;S&#39;: req.body.phone},
            &#39;registeredTimestamp&#39;: {&#39;S&#39;: req.body.registeredTimestamp},
            &#39;lastActiveTimestamp&#39;: {&#39;S&#39;: req.body.lastActiveTimestamp},
            &#39;signinType&#39;: {&#39;S&#39;: req.body.signinType},
            &#39;version&#39;: {&#39;S&#39;: req.body.version},
            &#39;markedLocations&#39;: {&#39;L&#39;: req.body.markedLocations}
        };

I checked -

- In DynamoDB how do I append an element to a list field using Java [link][1]

- updating a JSON array in AWS dynamoDB [link][2]

- Updating a Set in Dynamo db using Node Js [link][3]

- how to update item in dynamoDB using nodejs? [link][4]

- And checked AWS docs for [UpdateItem API][5]. I didn&#39;t find anything relevant to my problem/doubt.


Please can you tell me if there is a way to append the JSON array with a new JSON object in NodeJS? I am not able proceed on how to implement the same.

**OR**

Should I create separate table for each Array and have email as primary key and timestamp as sort key and proceed?


PS: I am new to DynamoDB, I&#39;ve worked with MongoDB earlier and there are ways to work with JSON arrays and objects there. Unable to find a way here.

  [1]: https://stackoverflow.com/questions/41177319/in-dynamodb-how-do-i-append-an-element-to-a-list-field-using-java
  [2]: https://stackoverflow.com/questions/40317443/updating-a-json-array-in-aws-dynamodb
  [3]: https://stackoverflow.com/questions/33708603/updating-a-set-in-dynamo-db-using-node-js
  [4]: https://stackoverflow.com/questions/33858475/how-to-update-item-in-dynamodb-using-nodejs
  [5]: http://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateItem.html

Append a new object to a JSON Array in DynamoDB using NodeJS

When I run CloudFormation `deploy` using a template with API Gateway resources, the first time I run it, it creates and deploys to stages. The subsequent times I run it, it updates the resources but doesn&#39;t deploy to stages.

Is that behaviour as intended?  If yes, how&#39;d I get it to deploy to stages whenever it updates?

(Terraform mentions a similar issue: https://github.com/hashicorp/terraform/issues/6613)


CloudFormation doesn&#39;t deploy to API gateway stages on update

I have an AWS api that proxies lamba functions. I currently use different endpoints with separate lambda functions:

    api.com/getData --&gt; getData
    api.com/addData --&gt; addData
    api.com/signUp --&gt; signUp

The process to manage all the endpoints and functions becomes cumbersome. Is there any disadvantage when I use a single endpoint to one lambda function which decides what to do based on the query string?

    api.com/exec&amp;func=getData --&gt; exec --&gt; if(params.func === &#39;getData&#39;) { ... }

aws api gateway &amp; lambda: multiple endpoint/functions vs single endpoint

After all the tough work of migration etc, I just realised that I need to serve the content using CNAME (e.g media.abc.com). The bucket name needs to start with media.abc.com/S3/amazon.com to ensure it works perfectly. 

I just realised that S3 doesn&#39;t allow direct rename from the console. 

Is there any way to work around this?

How to rename AWS S3 Bucket

When I log to my **S3 console** I am unable to download multiple selected files (the WebUI allows downloads only when one file is selected):

https://console.aws.amazon.com/s3

Is this something that can be changed in the user policy or is it a limitation of Amazon?


Amazon S3 console: download multiple files at once

Let&#39;s say that I have a machine that I want to be able to write to a certain log file stored on an S3 bucket.

So, the machine needs to have writing abilities to that bucket, but, I don&#39;t want it to have the ability to overwrite or delete any files in that bucket (including the one I want it to write to). 

So basically, I want my machine to be able to only append data to that log file, without overriding it or downloading it.

Is there a way to configure my S3 to work like that? Maybe there&#39;s some IAM policy I can attach to it so it will work like I want?

Append data to an S3 object

I have an S3 bucket that is 100% empty.  Versioning was never enabled on the bucket.  However, I still cannot remove the bucket.  I have tried via the Console and the CLI tool.  On the console it just says &quot;Error&quot; with no error message.  From the cli and api it tells me: &quot;An error occurred (BucketNotEmpty) when calling the DeleteBucket operation: The bucket you tried to delete is not empty&quot;.  I have tried all of the following:

`aws s3 rb s3://&lt;bucket_name&gt; --force` -&gt; BucketNotEmpty

`aws s3 rm s3://&lt;bucket_name&gt; --recursive` -&gt; No output (because it&#39;s already empty)

`aws s3api list-object-versions --bucket &lt;bucket_name&gt;` -&gt; No output (because versioning was never enabled)

`aws s3api list-multipart-uploads --bucket &lt;bucket_name&gt;` -&gt; No outputs

`aws s3api list-objects --delimiter=/ --prefix= --bucket &lt;bucket_name&gt;` -&gt; No Output (because it&#39;s empty)

* It has no dependencies (it&#39;s not used by cloudfront or anything else that I&#39;m aware of).
* The bucket has been empty for approximately 5 days.
* I was able to delete another very similar bucket with the same IAM user.  Additionally my IAM user has Admin access.

Content Type	Original Author	Original Content on Stackoverflow
Question	Raghavendra	View Question on Stackoverflow
Solution 1 - Amazon Web-Services	Raghavendra	View Answer on Stackoverflow
Solution 2 - Amazon Web-Services	Dave Land	View Answer on Stackoverflow
Solution 3 - Amazon Web-Services	Kartik Raja S	View Answer on Stackoverflow
Solution 4 - Amazon Web-Services	tschumann	View Answer on Stackoverflow

AWS Policy must contain valid version string

Amazon Web-Services Problem Overview

Amazon Web-Services Solutions

Solution 1 - Amazon Web-Services

Solution 2 - Amazon Web-Services

Solution 3 - Amazon Web-Services

Solution 4 - Amazon Web-Services

A 'for' loop that appears to be practically infinite

How to get rid of Atom's Welcome screen

Attributions