# An error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Policy has a conditional using the wrong key or value

- **ID:** `aws/s3-bucket-policy-conditional-check-failed`
- **Domain:** aws
- **Category:** config_error
- **Error Code:** `MalformedPolicy`
- **Verification:** ai_generated
- **Fix Rate:** 88%

## Root Cause

The S3 bucket policy contains a `Condition` block with an invalid or unsupported condition key, or with a malformed condition value (e.g., `aws:SourceIp` with a non-IP value).

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| AWS SDK v2 | active | — | — |
| AWS CLI 2.15.0 | active | — | — |
| S3 API 2006-03-01 | active | — | — |

## Workarounds

1. **Validate the condition key against the S3 documentation. For example, use `aws:SourceIp` with a valid CIDR block.** (90% success)
   ```
   "aws:SourceIp": ["192.0.2.0/24"]
   ```
2. **Use the AWS Policy Simulator to test the policy before applying it.** (85% success) The command also requires `--action-names`; `s3:GetObject` below stands in for the actions your policy covers.
   ```
   aws iam simulate-custom-policy --policy-input-list file://policy.json --action-names s3:GetObject
   ```
3. **Check for typos in condition key names (e.g., `aws:SourceIp` vs `aws:SourceIP`) and ensure values are in the correct format (e.g., an ARN for `aws:SourceArn`).** (95% success)
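
The value-format checks from the workarounds above can be run locally before calling `PutBucketPolicy`. The following is an added example, not part of the original entry or any AWS tooling: the function names, the sample policy and its bucket name are constructed, and it covers only the three condition keys this page names.

```python
import ipaddress
import json
import re

# Constructed sample bucket policy (bucket name and values are made up).
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"IpAddress": {"aws:SourceIp": ["192.0.2.0/24", "office-network"]}}},
  {"Effect": "Allow", "Principal": {"Service": "cloudtrail.amazonaws.com"},
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
   "Condition": {"ArnLike": {"aws:SourceArn": "my-trail"},
                 "StringEquals": {"aws:SourceAccount": "111122223333"}}}
]}
""")

ARN_RE = re.compile(r"arn:[^:]+:[^:]*:[^:]*:[^:]*:.+")

def _is_cidr(value):
    """True for an IPv4/IPv6 address or CIDR block."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

# Format checks for the three condition keys named on this page. Keys are
# looked up lowercased so a key is checked however it is capitalised.
VALUE_CHECKS = {
    "aws:sourceip": _is_cidr,
    "aws:sourcearn": lambda v: ARN_RE.fullmatch(v) is not None,
    "aws:sourceaccount": lambda v: re.fullmatch(r"\d{12}", v) is not None,
}

def check_conditions(policy):
    """Return (statement index, operator, key, value) per badly formatted value."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        for operator, keys in stmt.get("Condition", {}).items():
            for key, values in keys.items():
                check = VALUE_CHECKS.get(key.lower())
                if check is None:
                    continue  # key not covered by this example
                for v in values if isinstance(values, list) else [values]:
                    if not isinstance(v, str) or not check(v):
                        findings.append((i, operator, key, v))
    return findings
```

An empty result only means these three keys carry well-formed values; S3 can still reject the policy for other reasons.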

## Dead Ends

- **** — The policy may be too permissive, exposing the bucket to unintended access. (60% fail)
- **** — Condition keys like aws:SourceAccount or aws:SourceArn are account-specific and will fail validation. (70% fail)
- **** — AWS condition keys are service-specific; using an unsupported key causes the policy to be rejected. (80% fail)
