Commit 186d374

Knowledge base updates (#631)
* Updated with the latest changes from the knowledge base discussions. --------- Co-authored-by: docs-sourcer[bot] <99042413+docs-sourcer[bot]@users.noreply.github.com>
1 parent f0d2ca1 commit 186d374

4 files changed

+83
-2
lines changed

docs/discussions/knowledge-base/137.mdx

Lines changed: 2 additions & 2 deletions
Large diffs are not rendered by default.
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
---
2+
hide_table_of_contents: true
3+
hide_title: true
4+
custom_edit_url: null
5+
---
6+
7+
import CenterLayout from "/src/components/CenterLayout"
8+
import GitHub from "/src/components/GitHub"
9+
10+
<head>
11+
<link rel="canonical" href="https://github.com/gruntwork-io/knowledge-base/discussions/651" />
12+
</head>
13+
14+
<CenterLayout>
15+
<span className="searchCategory">Knowledge Base</span>
16+
<h1>MalformedPolicy: Invalid principal in policy</h1>
17+
<GitHub discussion={{"id":"D_kwDOF8slf84ASVIU","number":651,"author":{"login":"andi-pangeran"},"title":"MalformedPolicy: Invalid principal in policy","body":"\nHi, \r\n\r\nNeed help, I got this error on provisioning public-static-website to (ap-southeast-3 region) using terraform-aws-service-catalog version 0.100.0\r\n\r\n```\r\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Creating...\r\nmodule.static_website.aws_s3_bucket_policy.website[0]: Modifying... [id=edo.xxxx.com]\r\nmodule.static_website.aws_s3_bucket_policy.website[0]: Modifications complete after 0s [id=edo.xxxx.com]\r\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [10s elapsed]\r\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [20s elapsed]\r\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [30s elapsed]\r\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [40s elapsed]\r\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... 
[50s elapsed]\r\n╷\r\n│ Error: Error putting S3 policy: MalformedPolicy: Invalid principal in policy\r\n│ \tstatus code: 400, request id: 1SW2NGZYREGCX0YP, host id: u2nGs1sUcy3uxBIkhLr9Yu2gAkdd3ngTZmIsYUg9Mnctb5xer+Y9r2Dcig0IqQ35obzqSunQBjg=\r\n│\r\n│ with module.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0],\r\n│ on .terraform/modules/cloudfront.access_logs/modules/private-s3-bucket/main.tf line 429, in resource \"aws_s3_bucket_policy\" \"bucket_policy\":\r\n│ 429: resource \"aws_s3_bucket_policy\" \"bucket_policy\" {\r\n│\r\n╵\r\nERRO[0086] 1 error occurred:\r\n\t* exit status 1\r\n```\t\r\n\r\ndetails input :\r\n```\r\ninputs = {\r\n restrict_bucket_access_to_cloudfront = true\r\n create_route53_entry = true\r\n base_domain_name = local.account_vars.locals.domain_name.name\r\n website_domain_name = \"edo.${local.account_vars.locals.domain_name.name}\"\r\n acm_certificate_domain_name = \"${local.account_vars.locals.domain_name.name}\"\r\n security_header_content_security_policy = \"default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src 'self' blob:; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests\"\r\n\r\n error_responses = {\r\n 404 = {\r\n response_code = 200\r\n response_page_path = \"index.html\"\r\n error_caching_min_ttl = 10\r\n }\r\n }\r\n\r\n force_destroy = true\r\n}\r\n```\r\n\t\n\n---\n\n<ins datetime=\"2023-01-30T12:15:33Z\">\n <p><a href=\"https://support.gruntwork.io/hc/requests/109848\">Tracked in ticket #109848</a></p>\n</ins>\n","bodyHTML":"<p dir=\"auto\">Hi,</p>\n<p dir=\"auto\">Need help, I got this error on provisioning public-static-website to (ap-southeast-3 region) using terraform-aws-service-catalog version 0.100.0</p>\n<div class=\"snippet-clipboard-content notranslate position-relative overflow-auto\" 
data-snippet-clipboard-copy-content=\"module.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Creating...\nmodule.static_website.aws_s3_bucket_policy.website[0]: Modifying... [id=edo.xxxx.com]\nmodule.static_website.aws_s3_bucket_policy.website[0]: Modifications complete after 0s [id=edo.xxxx.com]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [10s elapsed]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [20s elapsed]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [30s elapsed]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [40s elapsed]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [50s elapsed]\n╷\n│ Error: Error putting S3 policy: MalformedPolicy: Invalid principal in policy\n│ \tstatus code: 400, request id: 1SW2NGZYREGCX0YP, host id: u2nGs1sUcy3uxBIkhLr9Yu2gAkdd3ngTZmIsYUg9Mnctb5xer+Y9r2Dcig0IqQ35obzqSunQBjg=\n│\n│ with module.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0],\n│ on .terraform/modules/cloudfront.access_logs/modules/private-s3-bucket/main.tf line 429, in resource &quot;aws_s3_bucket_policy&quot; &quot;bucket_policy&quot;:\n│ 429: resource &quot;aws_s3_bucket_policy&quot; &quot;bucket_policy&quot; {\n│\n╵\nERRO[0086] 1 error occurred:\n\t* exit status 1\"><pre class=\"notranslate\"><code class=\"notranslate\">module.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Creating...\nmodule.static_website.aws_s3_bucket_policy.website[0]: Modifying... [id=edo.xxxx.com]\nmodule.static_website.aws_s3_bucket_policy.website[0]: Modifications complete after 0s [id=edo.xxxx.com]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... 
[10s elapsed]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [20s elapsed]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [30s elapsed]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [40s elapsed]\nmodule.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0]: Still creating... [50s elapsed]\n╷\n│ Error: Error putting S3 policy: MalformedPolicy: Invalid principal in policy\n│ \tstatus code: 400, request id: 1SW2NGZYREGCX0YP, host id: u2nGs1sUcy3uxBIkhLr9Yu2gAkdd3ngTZmIsYUg9Mnctb5xer+Y9r2Dcig0IqQ35obzqSunQBjg=\n│\n│ with module.cloudfront.module.access_logs[0].aws_s3_bucket_policy.bucket_policy[0],\n│ on .terraform/modules/cloudfront.access_logs/modules/private-s3-bucket/main.tf line 429, in resource \"aws_s3_bucket_policy\" \"bucket_policy\":\n│ 429: resource \"aws_s3_bucket_policy\" \"bucket_policy\" {\n│\n╵\nERRO[0086] 1 error occurred:\n\t* exit status 1\n</code></pre></div>\n<p dir=\"auto\">details input :</p>\n<div class=\"snippet-clipboard-content notranslate position-relative overflow-auto\" data-snippet-clipboard-copy-content=\"inputs = {\n restrict_bucket_access_to_cloudfront = true\n create_route53_entry = true\n base_domain_name = local.account_vars.locals.domain_name.name\n website_domain_name = &quot;edo.${local.account_vars.locals.domain_name.name}&quot;\n acm_certificate_domain_name = &quot;${local.account_vars.locals.domain_name.name}&quot;\n security_header_content_security_policy = &quot;default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src 'self' blob:; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests&quot;\n\n error_responses = {\n 404 = {\n response_code = 200\n response_page_path = 
&quot;index.html&quot;\n error_caching_min_ttl = 10\n }\n }\n\n force_destroy = true\n}\"><pre class=\"notranslate\"><code class=\"notranslate\">inputs = {\n restrict_bucket_access_to_cloudfront = true\n create_route53_entry = true\n base_domain_name = local.account_vars.locals.domain_name.name\n website_domain_name = \"edo.${local.account_vars.locals.domain_name.name}\"\n acm_certificate_domain_name = \"${local.account_vars.locals.domain_name.name}\"\n security_header_content_security_policy = \"default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src 'self' blob:; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests\"\n\n error_responses = {\n 404 = {\n response_code = 200\n response_page_path = \"index.html\"\n error_caching_min_ttl = 10\n }\n }\n\n force_destroy = true\n}\n</code></pre></div>\n<hr>\n<ins datetime=\"2023-01-30T12:15:33Z\">\n <p dir=\"auto\"><a href=\"https://support.gruntwork.io/hc/requests/109848\" rel=\"nofollow\">Tracked in ticket #109848</a></p>\n</ins>","answer":{"body":"Hi @andi-pangeran,\r\n\r\nAs discussed in other replies, CloudFront doesn't deliver standard logs to buckets in some regions, and for those cases, you need to use `var.disable_logging` which is now exposed to module public-static-website on the service catalog as of v0.100.5:\r\nhttps://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.100.5","bodyHTML":"<p dir=\"auto\">Hi <a class=\"user-mention notranslate\" data-hovercard-type=\"user\" data-hovercard-url=\"/users/andi-pangeran/hovercard\" data-octo-click=\"hovercard-link-click\" data-octo-dimensions=\"link_type:self\" href=\"https://github.com/andi-pangeran\">@andi-pangeran</a>,</p>\n<p dir=\"auto\">As discussed in other replies, CloudFront doesn't deliver standard logs to buckets in some regions, and for those cases, you need to use 
<code class=\"notranslate\">var.disable_logging</code> which is now exposed to module public-static-website on the service catalog as of v0.100.5:<br>\n<a href=\"https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.100.5\">https://github.com/gruntwork-io/terraform-aws-service-catalog/releases/tag/v0.100.5</a></p>"}}} />
18+
19+
</CenterLayout>
20+
21+
22+
<!-- ##DOCS-SOURCER-START
23+
{
24+
"sourcePlugin": "github-discussions",
25+
"hash": "ebbaf216b0ab8e797b2363712752651c"
26+
}
27+
##DOCS-SOURCER-END -->
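
Review bot: The `answer` inside the `<GitHub discussion={{...}} />` prop opens with "As discussed in other replies", but the embedded object carries only the question and the accepted answer, so the rendered page never shows those replies and the reader has to infer why `var.disable_logging` applies to the ap-southeast-3 deployment in the question. Suggest having the sourcer include the referenced replies, or surface the canonical discussion link (currently only in `<head>`) next to the answer. Two smaller points on the same line: the question reports version 0.100.0 while the answer says the variable is exposed as of v0.100.5, so the page should say an upgrade is required; and since the variable, as its name indicates, disables logging for the distribution, a sentence noting that CloudFront standard logs will not be collected in that case would help anyone who later relies on them. Separately, the raw `request id` and `host id` values from the error output are copied three times into the prop (`body`, `data-snippet-clipboard-copy-content`, and the `<pre>` block); consider redacting them when sourcing.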
