amplify-backend
Cannot grantPublicAccess on s3 bucket "Block Public Access" Account setting is Off
Environment information
System:
OS: Linux 5.15 Debian GNU/Linux 11 (bullseye) 11 (bullseye)
CPU: (16) x64 11th Gen Intel(R) Core(TM) i7-11800H @ 2.30GHz
Memory: 20.48 GB / 31.20 GB
Shell: /usr/bin/zsh
Binaries:
Node: 23.9.0 - ~/.nvm/versions/node/v23.9.0/bin/node
Yarn: undefined - undefined
npm: 10.9.2 - ~/.nvm/versions/node/v23.9.0/bin/npm
pnpm: undefined - undefined
NPM Packages:
@aws-amplify/auth-construct: 1.7.0
@aws-amplify/backend: 1.15.0
@aws-amplify/backend-ai: Not Found
@aws-amplify/backend-auth: 1.6.0
@aws-amplify/backend-cli: 1.4.12
@aws-amplify/backend-data: 1.5.0
@aws-amplify/backend-deployer: 1.1.19
@aws-amplify/backend-function: 1.13.0
@aws-amplify/backend-output-schemas: 1.5.0
@aws-amplify/backend-output-storage: 1.2.0
@aws-amplify/backend-secret: 1.3.0
@aws-amplify/backend-storage: 1.3.0
@aws-amplify/cli-core: 1.4.0
@aws-amplify/client-config: 1.6.0
@aws-amplify/data-construct: 1.16.0
@aws-amplify/data-schema: 1.20.5
@aws-amplify/deployed-backend-client: 1.6.0
@aws-amplify/form-generator: 1.0.4
@aws-amplify/model-generator: 1.1.0
@aws-amplify/platform-core: 1.7.0
@aws-amplify/plugin-types: 1.9.0
@aws-amplify/sandbox: 1.2.11
@aws-amplify/schema-generator: 1.2.7
aws-amplify: 6.13.3
aws-cdk: 2.1003.0
aws-cdk-lib: 2.190.0
typescript: 5.8.2
No AWS environment variables
No CDK environment variables
Describe the bug
My account has "Block Public Access" set to off.
I'm trying to grant public access to a directory from backend.ts:
backend.storage.resources.bucket.grantPublicAccess("testDir/*");
But it fails to deploy with this error:
Failed resources:
amplify-arkmfg-jsanders-sandbox-89f9dbbfdc-storage0EC3F24A-1EYVN01ZR0C9A | 12:10:35 PM | UPDATE_FAILED | AWS::S3::BucketPolicy | storage/arkDriveTest-sandbox/Bucket/Policy (arkDriveTestsandboxBucketPolicyFE8450AE) Resource handler returned message:
"User: arn:aws:sts::253490754954:assumed-role/cdk-hnb659fds-cfn-exec-role-253490754954-us-west-1/AWSCloudFormation is not authorized to
perform: s3:PutBucketPolicy on resource: "arn:aws:s3:::amplify-arkmfg-jsanders-s-arkdrivetestsandboxbucke-jdrvl7lqpfsd" because public policies are
blocked by the BlockPublicPolicy block public access setting. (Service: S3, Status Code: 403, Request ID: 9CJJBP719C03579R, Extended Request ID:
PTcAPoASJLd0ezt1usRWJDyyBaRYHmXJ2rGsPHUWJ5DFaY74NlKGHOQ8d36rwBs6pBIJZuYXae8=) (SDK Attempt Count: 1)" (RequestToken: 0509f1b4-
cd7d-9d85-561b-f8999d36f533, HandlerErrorCode: AccessDenied)
amplify-arkmfg-jsanders-sandbox-89f9dbbfdc | 12:10:40 PM | UPDATE_FAILED | AWS::CloudFormation::Stack |
storage.NestedStack/storage.NestedStackResource (storage0EC3F24A) Embedded stack arn:aws:cloudformation:us-west-
1:253490754954:stack/amplify-arkmfg-jsanders-sandbox-89f9dbbfdc-storage0EC3F24A-1EYVN01ZR0C9A/980e23a0-245c-11f0-8662-023a700ab38b
was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update:
[arkDriveTestsandboxBucketPolicyFE8450AE].
Unable to deploy due to insufficient permissions
Resolution: Ensure you have permissions to call s3:PutBucketPolicy for "arn:aws:s3:::amplify-arkmfg-jsanders-s-arkdrivetestsandboxbucke-
jdrvl7lqpfsd" because public policies are blocked by the BlockPublicPolicy block public access setting. (Service: S3, Status Code: 403, Request ID:
9CJJBP719C03579R, Extended Request ID: PTcAPoASJLd0ezt1usRWJDyyBaRYHmXJ2rGsPHUWJ5DFaY74NlKGHOQ8d36rwBs6pBIJZuYXae8=) (SDK
Attempt Count: 1)" (RequestToken: 0509f1b4-cd7d-9d85-561b-f8999d36f533, HandlerErrorCode: AccessDenied), Embedded stack
arn:aws:cloudformation:us-west-1:253490754954:stack/amplify-arkmfg-jsanders-sandbox-89f9dbbfdc-storage0EC3F24A-
1EYVN01ZR0C9A/980e23a0-245c-11f0-8662-023a700ab38b was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with
reason: The following resource(s) failed to update: [arkDriveTestsandboxBucketPolicyFE8450AE].
It seems to be ignoring the account setting...
Reproduction steps
See description above.
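Added example, not part of the original report or the Amplify code base: S3 applies the most restrictive combination of the account-level and bucket-level Block Public Access settings, so an account setting of off does not by itself permit a public bucket policy. The type and function names, the sample settings and the simplified "public statement" test are assumptions made for illustration; the report does not show the bucket-level configuration.

```typescript
// Fields mirror S3's PublicAccessBlockConfiguration.
interface PublicAccessBlock {
  blockPublicAcls: boolean;
  ignorePublicAcls: boolean;
  blockPublicPolicy: boolean;
  restrictPublicBuckets: boolean;
}

interface Statement {
  Effect: "Allow" | "Deny";
  Principal: "*" | { AWS: string | string[] };
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, unknown>;
}

// Most restrictive combination: a flag is in effect if any level enables it.
function effectiveBlock(...levels: PublicAccessBlock[]): PublicAccessBlock {
  return {
    blockPublicAcls: levels.some((l) => l.blockPublicAcls),
    ignorePublicAcls: levels.some((l) => l.ignorePublicAcls),
    blockPublicPolicy: levels.some((l) => l.blockPublicPolicy),
    restrictPublicBuckets: levels.some((l) => l.restrictPublicBuckets),
  };
}

// Simplified test (assumption): an unconditional Allow to any principal is public.
// S3's own evaluation also inspects condition keys and values.
function isPublicStatement(s: Statement): boolean {
  if (s.Effect !== "Allow" || s.Condition) return false;
  const p = s.Principal;
  if (p === "*") return true;
  const aws = Array.isArray(p.AWS) ? p.AWS : [p.AWS];
  return aws.some((a) => a === "*");
}

// True when a PutBucketPolicy call carrying these statements would be refused.
function putBucketPolicyBlocked(statements: Statement[], ...levels: PublicAccessBlock[]): boolean {
  return effectiveBlock(...levels).blockPublicPolicy && statements.some(isPublicStatement);
}

// Constructed sample values: account level off, bucket level fully on.
const ACCOUNT_OFF: PublicAccessBlock = { blockPublicAcls: false, ignorePublicAcls: false, blockPublicPolicy: false, restrictPublicBuckets: false };
const BUCKET_ON: PublicAccessBlock = { blockPublicAcls: true, ignorePublicAcls: true, blockPublicPolicy: true, restrictPublicBuckets: true };
const publicRead: Statement[] = [
  { Effect: "Allow", Principal: { AWS: "*" }, Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/testDir/*" },
];

console.log(putBucketPolicyBlocked(publicRead, ACCOUNT_OFF, BUCKET_ON));
```

Comparing the account-level and bucket-level values side by side (for example from `aws s3control get-public-access-block` and `aws s3api get-public-access-block`) shows which level is producing a `BlockPublicPolicy` denial.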