lalalilo / aws-spa

A no-brainer script to deploy a single page app on AWS

[Bug] Access denied when allowing public reads on newly created bucket

iamogbz opened this issue

Failure while deploying build using aws-spa

```
[S3] ✏️ Allow public read to "s3.bucket.domain"...
💥 Access Denied
```

The reason is that the initial bucket creation has the Block public access (bucket settings) - All setting enabled.

Can be fixed by adding a remove block public access step before the allow public read bucket policy update.

```ts
export const setBucketPolicy = async (bucketName: string) => {
  logger.info(`[S3] ✏️ Allow public read to "${bucketName}"...`);
  // remove public access block
  await s3
    .putPublicAccessBlock({
      Bucket: bucketName,
      PublicAccessBlockConfiguration: {
        BlockPublicAcls: false,
        IgnorePublicAcls: false,
        BlockPublicPolicy: false,
        RestrictPublicBuckets: false,
      },
    })
    .promise();
  // allow public reads
  return s3
    .putBucketPolicy({
      Bucket: bucketName,
      Policy: JSON.stringify({
        Statement: [
          {
            Sid: "AllowPublicRead",
            Effect: "Allow",
            Principal: {
              AWS: "*",
            },
            Action: "s3:GetObject",
            Resource: `arn:aws:s3:::${bucketName}/*`,
          },
        ],
      }),
    })
    .promise();
};
```

at aws-spa/src/s3.ts, lines 117 to 137 in 6031af3:

```ts
export const setBucketPolicy = (bucketName: string) => {
  logger.info(`[S3] ✏️ Allow public read to "${bucketName}"...`);
  return s3
    .putBucketPolicy({
      Bucket: bucketName,
      Policy: JSON.stringify({
        Statement: [
          {
            Sid: "AllowPublicRead",
            Effect: "Allow",
            Principal: {
              AWS: "*",
            },
            Action: "s3:GetObject",
            Resource: `arn:aws:s3:::${bucketName}/*`,
          },
        ],
      }),
    })
    .promise();
};
```

Should be resolved by: #58
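
The proposed fix turns off all four Block Public Access settings, but only `BlockPublicPolicy` and `RestrictPublicBuckets` apply to bucket policies; the two ACL settings can stay enabled when access is granted by policy alone. The sketch below is an added example, not aws-spa code or part of the issue: it works out which settings block a given policy and clears only those. The helper names and the simplified public-statement check are assumptions; the resulting object is what would be passed as `PublicAccessBlockConfiguration` to `putPublicAccessBlock`.

```typescript
// Added example: pure helpers, no AWS calls. All names here are hypothetical.
type PublicAccessBlock = {
  BlockPublicAcls: boolean;
  IgnorePublicAcls: boolean;
  BlockPublicPolicy: boolean;
  RestrictPublicBuckets: boolean;
};
type Statement = {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: "*" | { AWS: string | string[] };
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, unknown>;
};

// Simplified test for a public grant (assumption): Allow, wildcard
// principal, no Condition. S3's own evaluation is more detailed.
const isPublicStatement = (s: Statement): boolean => {
  if (s.Effect !== "Allow" || s.Condition) return false;
  if (s.Principal === "*") return true;
  return ([] as string[]).concat(s.Principal.AWS).indexOf("*") !== -1;
};

// Settings that stand in the way of the given policy statements.
const blockingFlags = (pab: PublicAccessBlock, statements: Statement[]) => {
  const flags: (keyof PublicAccessBlock)[] = [];
  if (!statements.some(isPublicStatement)) return flags;
  // Makes putBucketPolicy fail with Access Denied for a public policy.
  if (pab.BlockPublicPolicy) flags.push("BlockPublicPolicy");
  // Limits a bucket with a public policy to in-account and AWS service access.
  if (pab.RestrictPublicBuckets) flags.push("RestrictPublicBuckets");
  return flags;
};

// Clear only the blocking settings; the two ACL settings are left untouched.
const relaxForPolicy = (pab: PublicAccessBlock, statements: Statement[]): PublicAccessBlock => {
  const next = { ...pab };
  for (const flag of blockingFlags(pab, statements)) next[flag] = false;
  return next;
};

// The statement from the issue.
const publicReadStatements = (bucketName: string): Statement[] => [
  { Sid: "AllowPublicRead", Effect: "Allow", Principal: { AWS: "*" },
    Action: "s3:GetObject", Resource: `arn:aws:s3:::${bucketName}/*` },
];

// Constructed sample: the new-bucket state described in the issue.
const allOn: PublicAccessBlock = { BlockPublicAcls: true, IgnorePublicAcls: true, BlockPublicPolicy: true, RestrictPublicBuckets: true };
```

For the issue's policy and a bucket with every setting on, `relaxForPolicy` returns a configuration with `BlockPublicPolicy` and `RestrictPublicBuckets` false and both ACL settings still true.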