s3-website
s3-website copied to clipboard
klaemo
FIles uploading but getting an AccessDenied: Access Denied
I'm using this module in API mode. All the files get uploaded but an error is thrown and the DONE console log doesn't get called.
Here's my code:
const config = {
region: 'eu-west-2',
domain: 'bucket.name',
deploy: true,
index: 'index.html',
uploadDir: './public/'
};
function deploySite () {
process.env.AWS_ACCESS_KEY_ID = 'XXXXXXXXXXX';
process.env.AWS_SECRET_ACCESS_KEY = 'XXXXXXXXXXX';
const AWS = require('aws-sdk');
const s3 = new AWS.S3({
region: config.region,
});
const deploy = require('s3-website').deploy;
deploy(s3, config, (err, website) => {
if(err) {
throw err;
}
console.log('DONE');
});
});
}
And here's the error:
throw err;
^
AccessDenied: Access Denied
Do you know what might be going on here? Many thanks!
Do you know what the permissions are of the User the credentials correspond to? It could potentially be that you don't have access to s3 with those credentials.
Thanks for the speedy reply @nick-benoit14!
I'm not sure it is an S3 credentials issue. I've been using these credentials successfully with the grunt-awsmodule, and the files are being uploaded successfully.
But I'd be happy to try some tests if you can think of anything that might help...
@bravokiloecho I hate to ask you to dig into the code, but I am not sure how to reproduce this locally. So I will just tell you where I would look first, and then maybe over the weekend I will have more luck reproducing this.
On line 497 in index.js is where putWebsiteContent, which is what is the function you are using asdeploy. I would check the following:
-
Does the call to
s3diffreturn? - We use s3-diff to check to see what files we actually need to send up. Since we make a call to s3 here, this could be where the issue is. I would check this by adding adebugger;statement on line 511, and then executing your program withnode debug my_program.js. If you are not familiar the node debugger is a little bit annoying, but it is workable -
What more specifically is the error message that is returned from AWS? - I would check this by adding a debugger on line 184. This is where we make the call to s3 to actually upload a file. Maybe there will be more helpful information if we have access to the entire error message?
I will keep thinking about it, but this is where I would start. Let me know if you find anything useful!
I think the s3diff returns fine (no error reported there).
I don't think line 184 ever gets called. Before that, this is the error the AWS returns:
Finished Uploading 0 of 0
{ AccessDenied: Access Denied
at Request.extractError (/app/node_modules/aws-sdk/lib/services/s3.js:539:35)
at Request.callListeners (/app/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/app/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/app/node_modules/aws-sdk/lib/request.js:674:14)
at Request.transition (/app/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/app/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /app/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/app/node_modules/aws-sdk/lib/request.js:39:9)
at Request.<anonymous> (/app/node_modules/aws-sdk/lib/request.js:676:12)
at Request.callListeners (/app/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
message: 'Access Denied',
code: 'AccessDenied',
region: null,
time: 2017-04-14T22:15:59.653Z,
requestId: 'E09655F3FC11249B',
extendedRequestId: 'c33cHSk5AyxifIiD4XhqQzZWsSV+ZZ7DjrRHG7kANT0Hy9W6waWw4Ocm8l8kxGfp2pBYlFLozVQ=',
cfId: undefined,
statusCode: 403,
retryable: false,
retryDelay: 94.81207584637876 }
/app/node_modules/aws-sdk/lib/request.js:32
throw err;
You can see the console.log from line 182 is called but it seems to break after that.
Hope that helps!
For what it's worth -- I just experienced the same issue, did some debugging, couldn't find anything wrong with code. Turns out that I had the bucket permission set to allow public read AND write, which is why files were successfully being uploaded, "Access Denied" error message notwithstanding.
I fixed by ensuring that a) the IAM user whose credentials are being used had a AmazonS3FullAccess permission set, and b) the s3 bucket did not allow for public writing.
Hope this helps, even though it's months later and may not be related to this specific issue :)
Same here
I have given full permission for s3 but it is still shows access denied
Check the name of your bucket. I had an issue where I was passing the create function from the CLI using the --use-s3-bucket flag and passed the wrong name of the bucket. Changing it to the right one fixed it for me.
same here I am getting access denied as well but with the same deploy command that used to work what could be the cause for that?
- bad/expired credentials (i switched to my global admin credentials still no go)
- AWS changed something with the API (or it is an AWS bug, in which case nothing to do { not very likely })
- s3-website is relying on some higher level global configuration consumed by the 'aws-sdk' package like the AWS account, as I have more than one (this is what I am suspecting to be the cause)
and the winner is number 3 😄
by deleting my ~/.aws/credentials file which contained two profiles
I managed to upload via s3-website!
so s3-website is relying on ~/.aws/credentials and having two profiles somehow causes the aws-sdk to behave differently you can read the doc A New and Standardized Way to Manage Credentials in the AWS SDKs
@nick-benoit14 what do you think
Check the name of your bucket. I had an issue where I was passing the create function from the CLI using the --use-s3-bucket flag and passed the wrong name of the bucket. Changing it to the right one fixed it for me.
LOL I can't believe this answer save me from a hard headache :))
