[Bug] Access denied when allowing public reads on newly created bucket
iamogbz opened this issue · comments
Emmanuel Ogbizi commented
Failure while deploying build using aws-spa
```
[S3] ✏️ Allow public read to "s3.bucket.domain"...
💥 Access Denied
```
The reason is that the initially created bucket has the Block public access (bucket settings) - All setting enabled.
Can be fixed by adding a remove block public access step before the allow public read bucket policy update.
```ts
export const setBucketPolicy = async (bucketName: string) => {
  logger.info(`[S3] ✏️ Allow public read to "${bucketName}"...`);
  // remove public access block
  await s3
    .putPublicAccessBlock({
      Bucket: bucketName,
      PublicAccessBlockConfiguration: {
        BlockPublicAcls: false,
        IgnorePublicAcls: false,
        BlockPublicPolicy: false,
        RestrictPublicBuckets: false,
      },
    })
    .promise();
  // allow public reads
  return s3
    .putBucketPolicy({
      Bucket: bucketName,
      Policy: JSON.stringify({
        Statement: [
          {
            Sid: "AllowPublicRead",
            Effect: "Allow",
            Principal: {
              AWS: "*",
            },
            Action: "s3:GetObject",
            Resource: `arn:aws:s3:::${bucketName}/*`,
          },
        ],
      }),
    })
    .promise();
};
```
at
Lines 117 to 137 in 6031af3
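The snippet above turns off all four Block Public Access settings, but only `BlockPublicPolicy` and `RestrictPublicBuckets` act on bucket policies; the other two concern ACLs. The following TypeScript model is an added example, not code from aws-spa or from the issue author: every type and function name in it is hypothetical, and its public-policy check is a simplification of S3's own evaluation. It shows which settings cause the failure and the smallest change that lets the policy through:

```typescript
// Added example: models how S3 Block Public Access (BPA) settings interact
// with a public-read bucket policy. All names are hypothetical, not aws-spa code.
type PublicAccessBlock = {
  BlockPublicAcls: boolean;
  IgnorePublicAcls: boolean;
  BlockPublicPolicy: boolean;
  RestrictPublicBuckets: boolean;
};
type PolicyStatement = {
  Effect: string;
  Principal: string | { AWS: string | string[] };
  Action: string;
  Resource: string;
  Condition?: object;
};

// Simplified check (assumption): an unconditional Allow to a wildcard principal
// counts as public. S3's own evaluation also inspects Condition values.
function isPublicStatement(s: PolicyStatement): boolean {
  const p = s.Principal;
  const ids = typeof p === "string" ? [p] : ([] as string[]).concat(p.AWS);
  return s.Effect === "Allow" && ids.indexOf("*") !== -1 && s.Condition === undefined;
}

// BPA settings that stand in the way of a policy made of these statements.
function blockingSettings(pab: PublicAccessBlock, stmts: PolicyStatement[]): string[] {
  if (!stmts.some(isPublicStatement)) return [];
  const out: string[] = [];
  if (pab.BlockPublicPolicy) out.push("BlockPublicPolicy"); // putBucketPolicy is rejected
  if (pab.RestrictPublicBuckets) out.push("RestrictPublicBuckets"); // anonymous reads refused
  return out;
}

// Smallest change: clear only the blocking flags; the two ACL flags stay as they are.
function minimalUnblock(pab: PublicAccessBlock, stmts: PolicyStatement[]): PublicAccessBlock {
  const next = { ...pab };
  for (const k of blockingSettings(pab, stmts)) next[k as keyof PublicAccessBlock] = false;
  return next;
}

// Constructed sample input: all four settings on, as on the new bucket in the issue.
const allBlocked: PublicAccessBlock = {
  BlockPublicAcls: true, IgnorePublicAcls: true,
  BlockPublicPolicy: true, RestrictPublicBuckets: true,
};
const publicRead = (bucket: string): PolicyStatement[] => [
  { Effect: "Allow", Principal: { AWS: "*" }, Action: "s3:GetObject", Resource: `arn:aws:s3:::${bucket}/*` },
];
console.log(minimalUnblock(allBlocked, publicRead("example-bucket")));
```

Account-level Block Public Access settings apply as well, and S3 enforces the most restrictive combination of the account and bucket settings, so a bucket-level change alone may still end in Access Denied.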
Grégoire de Trogoff commented
Should be resolved by: #58