Hello @jkwd, @sukhdeepjohar, and @TMosh
I went through the lab, and here are my observations.
- Although there is an error showing at the bottom of the policy page like the following, this doesn’t interfere with saving the changes to the policy. Hence, you don’t need to worry about it.
- I once deleted the policy and then edited the empty policy. It works and there is no problem with doing so.
- The grader seems to be working fine. After editing the S3 bucket policy you can get the complete grade.
- I did a little research and tried several different policies. It seems like it is not possible to use the EC2 ARN instead of its IP in the S3 bucket policy. When S3 receives a request, it can check from which IP that request is sent and validate whether the IP has access or not, but I’m not sure if S3 can access the ARN of the request source. However, there is another, more popular way of doing what we did in this lab, and that’s with IAM roles. We can assign the EC2 instance an IAM role, and then give that role access to S3 using the policy. This is achieved through the Principal key in the policy. For more information, you can see here.
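As an added illustration (not part of the post above and not the lab's own policy), here are the two bucket-policy shapes the last point describes side by side: the IP-condition form keyed on `aws:SourceIp`, and the IAM-role form keyed on `Principal`. A small simulated evaluator shows which request attribute each one looks at. The bucket name, account ID, role name, instance ID and IP addresses are all assumed placeholders; the IPs are from documentation ranges.

```python
"""Two ways to let an EC2 instance read an S3 bucket, expressed as bucket policies.

Added illustration for the discussion above; not the lab's policy. Every
identifier below is a constructed placeholder.
"""
import fnmatch
import ipaddress
import json

BUCKET = "example-lab-bucket"      # placeholder
ACCOUNT_ID = "123456789012"        # placeholder
ROLE_NAME = "LabEc2S3Role"         # placeholder instance-profile role
INSTANCE_IP = "203.0.113.10"       # placeholder public IP of the instance
ACTIONS = ["s3:GetObject", "s3:ListBucket"]
RESOURCES = [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]


def ip_based_policy():
    """Allow any caller whose request arrives from the instance's public IP."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowFromInstanceIp",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ACTIONS,
            "Resource": RESOURCES,
            "Condition": {"IpAddress": {"aws:SourceIp": f"{INSTANCE_IP}/32"}},
        }],
    }


def role_based_policy():
    """Allow only callers signing with the instance's IAM role, from any IP."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowInstanceRole",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:role/{ROLE_NAME}"},
            "Action": ACTIONS,
            "Resource": RESOURCES,
        }],
    }


def _principal_matches(principal, caller_arn):
    """Does the statement's Principal cover the caller?

    "*" matches everyone, including unsigned (anonymous) requests. A role ARN
    also matches the assumed-role session ARN an instance actually signs with:
    arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION.
    """
    if principal == "*":
        return True
    if caller_arn is None:
        return False
    allowed = principal.get("AWS", [])
    allowed = allowed if isinstance(allowed, list) else [allowed]
    for arn in allowed:
        if arn == caller_arn:
            return True
        parts = arn.split(":")
        if len(parts) == 6 and parts[5].startswith("role/"):
            role = parts[5][len("role/"):]
            if caller_arn.startswith(f"arn:aws:sts::{parts[4]}:assumed-role/{role}/"):
                return True
    return False


def _conditions_hold(condition, source_ip):
    """Evaluate the only operator used here: IpAddress on aws:SourceIp."""
    for operator, kv in condition.items():
        if operator != "IpAddress":
            raise NotImplementedError(operator)
        cidrs = kv.get("aws:SourceIp", [])
        cidrs = cidrs if isinstance(cidrs, list) else [cidrs]
        addr = ipaddress.ip_address(source_ip)
        if not any(addr in ipaddress.ip_network(c) for c in cidrs):
            return False
    return True


def is_allowed(policy, action, resource, caller_arn, source_ip):
    """Simplified evaluation: True if some Allow statement covers the request.

    Ignores Deny statements, identity policies and SCPs on purpose; it only
    shows which request attribute each bucket policy keys on.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in stmt["Resource"]):
            continue
        if not _principal_matches(stmt["Principal"], caller_arn):
            continue
        if not _conditions_hold(stmt.get("Condition", {}), source_ip):
            continue
        return True
    return False


if __name__ == "__main__":
    print(json.dumps(ip_based_policy(), indent=2))
    print(json.dumps(role_based_policy(), indent=2))
```

Two caveats the simulation makes visible: the IP form uses `"Principal": "*"`, so anyone who can send traffic from that address (including unsigned requests) is allowed, and if the instance sits behind a NAT gateway the address S3 sees is the NAT's, not the instance's. The role form works from any address because the instance signs its requests with the role's temporary credentials, so the principal S3 evaluates is the assumed-role session ARN rather than the instance itself.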