MalformedPolicy
aws
config_error
ai_generated
true
An error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Policy has a length of X but the maximum length is 20480.
ID: aws/s3-bucket-policy-too-large
Fix rate: 85%
Confidence: 88%
Evidence count: 1
First seen: 2024-03-15
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| aws-sdk-v2 | active | — | — | — |
| aws-cli/2.17.0 | active | — | — | — |
| boto3-1.34.0 | active | — | — | — |
Root cause analysis
The S3 bucket policy exceeds the 20 KB size limit. Whitespace and JSON formatting count toward that size.
Official documentation
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html
Solutions
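- Minify the policy JSON with a tool such as `jq -c` and retry: `aws s3api put-bucket-policy --bucket my-bucket --policy "$(jq -c . policy.json)"`
- Split the policy into multiple smaller policies attached to different resources (such as IAM roles) instead of using a single bucket policy.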
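A preflight check for both fixes above, added here as an example and not taken from AWS tooling: it minifies the policy the way `jq -c` does, compares the result with the 20480 limit from the error message, and ranks statements by size to show what to move elsewhere if minifying is not enough. The sample policy, account ID and role names are constructed, and counting the limit in UTF-8 bytes is an assumption.

```python
import json

MAX_POLICY_LEN = 20480  # limit quoted in the MalformedPolicy error message

def compact(policy_text):
    """Re-serialize the policy without insignificant whitespace (like `jq -c`)."""
    return json.dumps(json.loads(policy_text), separators=(",", ":"),
                      ensure_ascii=False)

def size(text):
    # Assumption: the limit is measured on the UTF-8 encoded policy document.
    return len(text.encode("utf-8"))

def preflight(policy_text):
    """Return (compact_policy, length, fits, statement_sizes)."""
    small = compact(policy_text)
    statements = json.loads(small).get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be an object
        statements = [statements]
    # (bytes, Sid) per statement, largest first: candidates for splitting out.
    sizes = sorted(
        ((size(json.dumps(s, separators=(",", ":"), ensure_ascii=False)),
          s.get("Sid", f"statement[{i}]"))
         for i, s in enumerate(statements)),
        reverse=True,
    )
    n = size(small)
    return small, n, n <= MAX_POLICY_LEN, sizes

def sample_policy(n_principals):
    """Constructed sample: one small statement and one with many principals."""
    arns = [f"arn:aws:iam::111122223333:role/app-role-{i:03d}"
            for i in range(n_principals)]
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": "arn:aws:s3:::my-bucket/*",
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
            {"Sid": "AppRoles", "Effect": "Allow", "Principal": {"AWS": arns},
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*"},
        ],
    }, indent=4)

if __name__ == "__main__":
    for n in (350, 600):
        _, length, fits, sizes = preflight(sample_policy(n))
        print(n, length, "ok" if fits else "too large", sizes[0])
```

With 350 principals the indented file is over the limit but the minified policy fits; with 600 it still does not fit, and the ranking points at the `AppRoles` statement as the one to split out.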
Ineffective attempts
Common approaches that do not work:
- 60% failure: Removing comments from JSON doesn't reduce size enough; comments aren't allowed in JSON policies anyway.
- 40% failure: Using a shorter bucket name doesn't significantly reduce policy size; the issue is the policy body.