[Bug] Access denied when allowing public reads on newly created bucket

Open iamogbz opened this issue 1 year ago • 1 comments

Failure while deploying build using aws-spa

[S3] ✏️ Allow public read to "s3.bucket.domain"...
💥 Access Denied

The reason is that the initial bucket creation has the "Block public access (bucket settings)" "All" setting enabled.

This can be fixed by adding a step that removes the public access block before the bucket policy update that allows public reads.

```ts
export const setBucketPolicy = async (bucketName: string) => {
  logger.info(`[S3] ✏️ Allow public read to "${bucketName}"...`);
  // remove public access block
  await s3
    .putPublicAccessBlock({
      Bucket: bucketName,
      PublicAccessBlockConfiguration: {
        BlockPublicAcls: false,
        IgnorePublicAcls: false,
        BlockPublicPolicy: false,
        RestrictPublicBuckets: false,
      },
    })
    .promise();
  // allow public reads
  return s3
    .putBucketPolicy({
      Bucket: bucketName,
      Policy: JSON.stringify({
        Statement: [
          {
            Sid: "AllowPublicRead",
            Effect: "Allow",
            Principal: {
              AWS: "*",
            },
            Action: "s3:GetObject",
            Resource: `arn:aws:s3:::${bucketName}/*`,
          },
        ],
      }),
    })
    .promise();
};
```

at

https://github.com/lalalilo/aws-spa/blob/6031af3838ea23e07759e3a3eafe93e8f38cea12/src/s3.ts#L117-L137

iamogbz, Jan 06 '24 21:01
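An added example, not code from aws-spa or from the issue author: a TypeScript preflight that reports which Block Public Access settings interfere with the `AllowPublicRead` policy above and relaxes only those two, leaving the ACL-related settings enabled. All type and function names are hypothetical, the public-policy test is a simplification of AWS's own evaluation, and the inputs are constructed.

```typescript
// Added example; all type and function names here are hypothetical.
type PublicAccessBlock = {
  BlockPublicAcls: boolean;
  IgnorePublicAcls: boolean;
  BlockPublicPolicy: boolean;
  RestrictPublicBuckets: boolean;
};
type PolicyPrincipal = string | { AWS?: string | string[] };
type PolicyStatement = { Effect: string; Principal: PolicyPrincipal; Condition?: object };
type BucketPolicy = { Statement: PolicyStatement[] };

// Simplified public test: an unconditional Allow to the wildcard principal.
// AWS's own evaluation is more detailed; this covers the policy in the issue.
const isWildcard = (p: PolicyPrincipal): boolean =>
  typeof p === "string" ? p === "*" : ([] as string[]).concat(p.AWS ?? []).indexOf("*") !== -1;
const isPublicPolicy = (policy: BucketPolicy): boolean =>
  policy.Statement.some(
    (s) => s.Effect === "Allow" && s.Condition === undefined && isWildcard(s.Principal)
  );

// Enabled settings that interfere with a public bucket policy, and how.
const policyBlockers = (pab: PublicAccessBlock, policy: BucketPolicy): string[] => {
  if (!isPublicPolicy(policy)) return [];
  const found: string[] = [];
  if (pab.BlockPublicPolicy) found.push("BlockPublicPolicy: PutBucketPolicy is rejected");
  if (pab.RestrictPublicBuckets) found.push("RestrictPublicBuckets: anonymous reads stay denied");
  return found;
};

// Relax only the two policy-related settings; the ACL settings are kept.
const relaxForPublicPolicy = (pab: PublicAccessBlock): PublicAccessBlock => ({
  ...pab,
  BlockPublicPolicy: false,
  RestrictPublicBuckets: false,
});

// Constructed inputs: a new bucket with every setting on, and the issue's
// policy reduced to the fields the check reads.
const newBucketDefaults: PublicAccessBlock = {
  BlockPublicAcls: true, IgnorePublicAcls: true,
  BlockPublicPolicy: true, RestrictPublicBuckets: true,
};
const samplePolicy: BucketPolicy = {
  Statement: [{ Effect: "Allow", Principal: { AWS: "*" } }],
};

console.log(policyBlockers(newBucketDefaults, samplePolicy));
console.log(relaxForPublicPolicy(newBucketDefaults));
```

The result of `relaxForPublicPolicy` has the shape of the `PublicAccessBlockConfiguration` object passed to `putPublicAccessBlock` in the snippet above.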

Should be resolved by: https://github.com/lalalilo/aws-spa/pull/58

GregdTd, May 27 '24 13:05