{
  "id": "aws/s3-bucket-policy-too-large",
  "signature": "An error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Policy has a length of X but the maximum length is 20480.",
  "signature_zh": "调用 PutBucketPolicy 操作时出错 (MalformedPolicy)：策略长度为 X，但最大长度为 20480。",
  "regex": "MalformedPolicy.*Policy has a length of \\d+ but the maximum length is 20480",
  "domain": "aws",
  "category": "config_error",
  "subcategory": null,
  "root_cause": "S3 bucket policy exceeds the 20 KB size limit, including whitespace and JSON formatting.",
  "root_cause_type": "generic",
  "root_cause_zh": "S3 存储桶策略超过 20 KB 的大小限制，包括空格和 JSON 格式。",
  "versions": [
    {
      "version": "aws-sdk-v2",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "aws-cli/2.17.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "boto3-1.34.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Removing comments from JSON doesn't reduce size enough; comments aren't allowed in JSON policies anyway.",
      "fail_rate": 0.6,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Using a shorter bucket name doesn't significantly reduce policy size; the issue is the policy body.",
      "fail_rate": 0.4,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Minify the policy JSON using a tool like `jq -c` and retry: `aws s3api put-bucket-policy --bucket my-bucket --policy \"$(cat policy.json | jq -c)\"`",
      "success_rate": 0.9,
      "how": "Minify the policy JSON using a tool like `jq -c` and retry: `aws s3api put-bucket-policy --bucket my-bucket --policy \"$(cat policy.json | jq -c)\"`",
      "condition": "",
      "sources": []
    },
    {
      "action": "Split the policy into multiple smaller policies attached to different resources (e.g., IAM roles) instead of one bucket policy.",
      "success_rate": 0.75,
      "how": "Split the policy into multiple smaller policies attached to different resources (e.g., IAM roles) instead of one bucket policy.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "使用工具（如 `jq -c`）压缩策略 JSON 并重试：`aws s3api put-bucket-policy --bucket my-bucket --policy \"$(cat policy.json | jq -c)\"`",
    "将策略拆分为多个较小的策略，附加到不同资源（如 IAM 角色）上，而不是使用单个存储桶策略。"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html",
  "official_doc_section": null,
  "error_code": "MalformedPolicy",
  "verification_tier": "ai_generated",
  "confidence": 0.88,
  "fix_success_rate": 0.85,
  "resolvable": "true",
  "first_seen": "2024-03-15",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}