AWS Cloud Formation failing with 403 s3 forbidden error

[maheshcheetirala]

Hello Developers, After creating the initial template and launching a project with sage maker studio project launch is failing saying cloud formation failed when i saw the error it says 403 forbidden s3 error I have given full s3 access and admin access to the role but still same issue, changed the s3 bucket name all possible solutions. Even tested in different vpc all those giving same error. can someone please run the template from your end and help us with possible solution. Role is given admin access as well.

[brightsparc]

Hi @maheshcheetirala, I assume you are referring to the stack with the SC- prefix that is created by SageMaker Studio with a new project.

• Can you confirm which region you are running the stack in - US East (N. Virginia) us-east-1?
• Can you also confirm you provided a valid email address for notifications?

[maheshcheetirala]

Hello Aws-Samples/Amazon-Sagemaker-Safe-Deployment-Pipeline,

Yes its us east 1 we have given the official email address. Even tried changing the bucket name in the cfn template getting created by studio but no luck. Added full permissions to IAM role still no luck , could someone help me with this? Thanks Mahesh

On Tue, 13 Jul, 2021, 4:07 am Julian, @.***> wrote:

Hi @maheshcheetirala https://github.com/maheshcheetirala, I assume you are referring to the stack with the SC- prefix that is created by SageMaker Studio with a new project.

• Can you confirm which region you are running the stack in - US East (N. Virginia) us-east-1?
• Can you also confirm you provided a valid email address for notifications?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/aws-samples/amazon-sagemaker-safe-deployment-pipeline/issues/35#issuecomment-878643488, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKRRSI7O3HPUNCQ4DFRZQYLTXNVDLANCNFSM5AADZ4RA .

[brightsparc]

Hi @maheshcheetirala are you getting this error when using the bash command? I have tested Launch Stack to create a new CFN in us-east-1 and I had no issues. Please provide some more detail with specific error message that are you seeing so I can debug further.

[maheshcheetirala]

Hello Julian, Thank you for taking time and responding to my email. I am attaching the steps followed and the error message.

[image: image.png]

Kindly advise me how to solve this problem.

Thanks Mahesh

On Fri, 16 Jul, 2021, 4:46 pm Julian, @.***> wrote:

Hi @maheshcheetirala https://github.com/maheshcheetirala are you getting this error when using the bash command? I have tested Launch Stack to create a new CFN in us-east-1 and I had no issues. Please provide some more detail with specific error message that are you seeing so I can debug further.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/aws-samples/amazon-sagemaker-safe-deployment-pipeline/issues/35#issuecomment-881372157, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKRRSIYD4KBZPGPNTREVL3TTYAIJJANCNFSM5AADZ4RA .

[samadwar]

I had same issue, check that your IAM role have CloudFormation in it's trust policy

[durgasury]

If people are still facing this issue - the "Launch Stack" button refers to a template that is missing this line that gives the ServiceCatalogLaunch role access to the bucket with seed code.

To resolve, either pull the template from the repo to create the stack, or if you already have the stack created, go to the AmazonSageMakerServiceCatalogProductsLaunchRole role in your IAM, and give it permissions to the s3 bucket amazon-sagemaker-safe-deployment-pipeline*.