copilot-cli icon indicating copy to clipboard operation
copilot-cli copied to clipboard
verified publisher icon aws

Access Denied when trying to update S3 Public Access

Open ssyberg opened this issue 1 year ago • 1 comments

I just added this to my environment addon for managing my s3 bucket and I get access denied (which is particularly weird since this access key created this bucket).

      PublicAccessBlockConfiguration:
        BlockPublicAcls: false
        BlockPublicPolicy: false
        IgnorePublicAcls: false 
        RestrictPublicBuckets: false

I've tried explicitly adding this to the copilot generated execution role that appears to be used during an env deploy but it doesn't change anything:

        {
            "Effect": "Allow",
            "Action": [
                "s3:PutBucketPublicAccessBlock"
            ],
            "Resource": "*"
        }

I think this is directly related to this ticket, it's just generally unclear what permissions should be for the IAM user who's access key we're using (docs say not to use root but offer no other details) or these copilot generated execution roles.

ssyberg avatar Mar 28 '24 15:03 ssyberg

hey @ssyberg ! Thanks for +1 to the other issue. Sounds like after adding "PutBucketPublicAccessBlock" to your IAM user, the issue was resolved, is that correct?

Lou1415926 avatar Apr 05 '24 20:04 Lou1415926

This issue is stale because it has been open 60 days with no response activity. Remove the stale label, add a comment, or this will be closed in 14 days.

github-actions[bot] avatar Jun 05 '24 00:06 github-actions[bot]

This issue is closed due to inactivity. Feel free to reopen the issue if you have any further questions!

github-actions[bot] avatar Jun 19 '24 00:06 github-actions[bot]