Solve - The policy must Contain a valid Version String

Solve - The policy must Contain a valid Version String #

To solve the AWS Error "The policy must Contain a valid Version String" we have to set the version element of the IAM policy to 2012-10-17. The version element defines the version of the policy language, that AWS uses to interpret the contents of your IAM policy.

For example, the following IAM policy sets the Version element to the latest version of the policy language - 2012-10-17.

Copied!
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*"
            ],
            "Resource": "*"
        }
    ]
}

There are only 2 possible values for the Version element in an IAM policy:

1. 2012-10-17 - the latest version of the policy language, which should always be used when creating policies. It enables us to use policy variables, which are not implemented in the previous version

2. 2008-10-17 - an earlier version of the policy language. You should never use this version when creating IAM policies, because it doesn't support all the features the newer version supports

The version of the policy is created automatically by IAM every time you update a customer managed policy.

When you change a managed policy the old policy does not get overridden, rather a new version of the policy is created.

If you want to view the versions of a managed policy:

1. open the IAM console
2. click on policies and click on the name of the policy
3. click on the Policy versions tab

All of the previous versions of your IAM policy are preserved. To view any of them you can expand the specific version.

Further Reading #

• AWS CDK Tutorial for Beginners - Step-by-Step Guide
• How does AWS CDK work
• What is a Token in AWS CDK
• CDK Constructs - Complete Guide
• What is an identifier (id) in AWS CDK
• How to use Context in AWS CDK
• How to use Parameters in AWS CDK