serverless-s3-sync icon indicating copy to clipboard operation
serverless-s3-sync copied to clipboard

Published 20 hours ago verified publisher icon k1LoW

Access Denied

Open nicpillinger opened this issue 6 years ago • 3 comments

My deploy account has full aws admin access and yet when it gets to the s3 sync part it fails with access denied? https://www.dropbox.com/s/1o4w2g0ohvdhfwn/Screenshot%202018-10-15%2017.06.37.png?dl=0

My yaml is very simple - here's the relevant bits:

custom:
  s3Sync:
    - bucketName: mybucketname
      localDir: emails/assets
      acl: public-read

resources:
  Resources:
    EmailAssetsBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: mybucketname
        AccessControl: PublicRead

The s3 bucket is created as part of the standard serverless deploy and I can see it in aws - I can't see what s3-sync is doing which is failing?

nicpillinger avatar Oct 15 '18 16:10 nicpillinger

Having the same issue, the user is allowed to s3:* on *, can't see why it's not working...

kabo avatar Feb 24 '19 00:02 kabo

Just installed with no issues. Check to make sure you have aws credentials on your machine. https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html

icarus-sullivan avatar Feb 28 '19 23:02 icarus-sullivan

I think it may be related to the fact that our bucket policy doesn't allow unencrypted uploads.

BucketPolicy:

            - Sid: DenyUnEncryptedObjectUploads
              Effect: Deny
              Principal: "*"
              Action: "s3:PutObject"
              Resource: "#{Bucket.Arn}/*"
              Condition:
                StringNotEquals:
                   "s3:x-amz-server-side-encryption": "aws:kms"

Our aws cli command that works:

aws s3 sync --sse aws:kms --delete ./resources s3://bucket/resources

kabo avatar Mar 02 '19 07:03 kabo