Borislav Hadzhiev
Last updated: Sep 28, 2021
Check out my new book
To solve the AWS Error "The policy must Contain a valid Version String" we
have to set the version element of the IAM policy to 2012-10-17
. The version
element defines the version of the policy language that AWS uses to interpret
the contents of your IAM policy.
For example, the following IAM policy sets the Version
element to the latest
version of the policy language - 2012-10-17
.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:Get*" ], "Resource": "*" } ] }
Version
element in the first row of the IAM policy.There are only 2 possible values for the Version
element in an IAM policy:
2012-10-17
- the latest version of the policy language, which should
always be used when creating policies. It enables us to use policy
variables, which are not implemented in the previous version
2008-10-17
- an earlier version of the policy language. You should never
use this version when creating IAM policies because it doesn't support all
the features the newer version supports
Version
element is not the version of the policy, rather it's the version of the policy language that AWS uses to interpret the IAM policy.The version of the policy is created automatically by IAM every time you update a customer managed policy.
When you change a managed policy the old policy does not get overridden, rather a new version of the policy is created.
If you want to view the versions of a managed policy:
Policy versions
tabAll of the previous versions of your IAM policy are preserved. To view any of them you can expand the specific version.