retail-demo-store
retail-demo-store copied to clipboard
aws-samples
Encountering an `Access Denied` error while deploying the Retail Demo Store CloudFormation stack, specifically with the `CleanupBucket` resource.
Steps to Reproduce
- Followed the deployment instructions from the Retail Demo Store repository.
- Created a GitHub Personal Access Token and configured the necessary parameters.
- Created an S3 staging bucket with the necessary permissions.
- Ran the CloudFormation stack deployment using the provided command.
Expected Results
The CloudFormation stack should deploy successfully without any errors.
Actual Results
Received the following error: The following resource(s) failed to create: [CleanupBucket]. Rollback requested by user. 2024-07-04 17:37:36 UTC+0530 CleanupBucket CREATE_FAILED S3 error: Access Denied For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
Here is the IAM policy attached to my user (admin) { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "", "Resource": "" } ] } and s3 bucket policy is:
{
"Version": "2012-10-17",
"Id": "PersonalizeS3BucketAccessPolicy",
"Statement": [
{
"Sid": "PersonalizeS3BucketAccessPolicy",
"Effect": "Allow",
"Principal": {
"Service": "personalize.amazonaws.com"
},
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::
We have not encountered this error.
Can you check on your side:
- If you have organisation policies or roles/ploicies that would explicitly denies some actions for your user?
- Which resource was denied to be created, from the error it seems located inside the CleanupBucket sub-stack, is it
CleanupBucketLambdaFunctionCleanupBucketLambdaExecutionRoleor something else? - Cloudtrail at the time of the error to identify principals and the reason for the denied?
