IAM create-policy: unknown error

I’m trying to set a policy on a bucket to limit the upload size to 25 Mb.

The policy is defined below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "LimitFileUploadsTest",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::testbucket/*",
            "Condition":
            {
                "NumericGreaterThan":
                {
                    "s3:content-length": 26214400
                }
            }
        }
    ]
}

When I run the command

aws iam --endpoint-url https://fly.iam.storage.tigris.dev create-policy --policy-name=LimitFileUploadsTest --policy-document file:///path/to/file-upload-limit-policy-test.json

Tigris returns the error:

An error occurred (Unknown) when calling the CreatePolicy operation: Unknown

The AWS CLI is configured correctly as I can list my buckets. I have further followed the steps in the documentation and have defined an Access Key with Admin Access.

Any ideas what I’m doing wrong? The error does not give me any directions…

Thanks in advance.

Hello @hakoptak

Regarding your IAM policy doc: we don’t support NumericGreaterThan just yet. We are working on enriching the IAM feature set, and this will be one of the items to support.

Regarding the error message: we introduced a bug and I will fix it; the bug fix will be available by today/tomorrow.

Thanks!
Jigar

Thanks for following up. Good to know that the IAM feature set will be extended soon. I’ll wait for it.

As of my writing I still get the undefined error.

By the way: although I keep running into unfinished or rough edge cases, I do love this personal support from the founders. Keep up the good work. I’ll let you know when I run into something unexpected.

Hello @jmj, I’ve just re-run the create-policy command and Tigris now returns something like:

{
    "Policy": {
        "PolicyName": "LimitFileUploadsTest",
        "PolicyId": "UUID",
        "Arn": "arn:aws:iam::flyio_xyz:policy/LimitFileUploadsTest",
        "Path": "/",
        "DefaultVersionId": "1",
        "AttachmentCount": 0,
        "Description": "",
        "CreateDate": "2024-11-26T21:35:49.796000+00:00",
        "UpdateDate": "2024-11-26T21:40:08.193000+00:00"
    }
}

This suggests that the policy is created, though I don’t fully understand the response. Also, when I upload a file larger than 25 Mb it is still accepted.

Is this because the NumericGreaterThan is still not yet supported?

Hi @hakoptak ,

The policy is created, yes, but the condition is not yet enforced, as this condition is not yet supported. Ideally this policy should have failed to create, with an error message about unsupported conditions. As a next step, I will work on adding this condition, NumericGreaterThan, and will update this thread.
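
A pre-flight check for the failure mode described in this thread, where a policy is created but its condition is not enforced (added example, not code from the posters or from Tigris). It assumes the only unenforced operator is the one named in the thread, NumericGreaterThan, and that its `IfExists` and set-qualified variants behave the same; the function and constant names are hypothetical.

```python
import json

# Operator the thread reports as accepted at creation time but not enforced.
UNENFORCED_OPERATORS = {"NumericGreaterThan"}

# Policy document from the first post, embedded so the check runs offline.
THREAD_POLICY = """
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "LimitFileUploadsTest", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::testbucket/*",
   "Condition": {"NumericGreaterThan": {"s3:content-length": 26214400}}}]}
"""

def base_operator(op):
    """Drop IAM qualifiers: 'ForAnyValue:StringLikeIfExists' -> 'StringLike'."""
    op = op.split(":", 1)[-1]
    return op[:-len("IfExists")] if op.endswith("IfExists") else op

def find_unenforced_conditions(policy_text, unenforced=UNENFORCED_OPERATORS):
    """Return one finding per condition key guarded by an unenforced operator."""
    statements = json.loads(policy_text).get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is also valid
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        for op, keys in stmt.get("Condition", {}).items():
            if base_operator(op) not in unenforced:
                continue
            for key in keys:
                findings.append({"sid": stmt.get("Sid", f"statement[{index}]"),
                                 "effect": stmt.get("Effect"),
                                 "operator": op, "key": key})
    return findings

if __name__ == "__main__":
    results = find_unenforced_conditions(THREAD_POLICY)
    for f in results:
        print(f"{f['sid']}: {f['effect']} depends on {f['operator']} "
              f"({f['key']}), which would be stored but not enforced")
    raise SystemExit(1 if results else 0)
```

A non-zero exit lets a deployment script stop before calling create-policy; a successful CreatePolicy response alone does not show the limit is active, so an oversized test upload remains the final check.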
