AWS S3 Bucket policy editor access denied

6

72

I am logged in with the root account, trying to give public access to a bucket in line with the instructions for setting up a static S3 website. However, I get an access denied message when saving the bucket policy.

There is no more detail on the message.


Renfrew answered 27/11, 2018 at 9:10 Comment(2)
Create a user account from your root account, assign the required roles and rights, and start it from there. - Potful
THE WORKAROUND: make the bucket open to the public, then I can save the bucket policy, and then make the bucket private again. - Orlon
116

This could be due to recent changes in S3. To fix this issue, you need to assign Public Access to the bucket. Follow the steps below:

  1. In the Permissions tab click on the Block Public Access settings.

  2. Click Edit to the right of these settings.

  3. Make sure the "Block public access to buckets and objects granted through new public bucket or access point policies" option is deselected.

  4. Click Save.

  5. Go back to the Bucket Policy and try again.

Hotheaded answered 27/11, 2018 at 10:1 Comment(8)
This is not the correct way; this is just a temporary solution. - Thumbstall
What do you mean? - Hotheaded
Giving public access to a bucket is not the correct way. How will you do it in PRD? You can lose sensitive content within mins. You have to add a role to your user, and that will allow you to add/modify the bucket policy without giving public access. Only the ARN will have access to the bucket. It's all given in the docs. - Thumbstall
You cannot modify the bucket policy even if you have the admin role; you have to explicitly add a role to give access to modify the bucket policy: aws.amazon.com/premiumsupport/knowledge-center/…. - Thumbstall
I resolved this issue after going through the above link, without giving public access to the bucket. - Thumbstall
In the question, he is saying "trying to give public access to a bucket". - Hotheaded
This "answer" is just wrong; the whole point is to set up a static website bucket with non-public access, that is to be served through CloudFront. - Nogging
No solutions so far for a bucket being served through CloudFront and has public access disabled. - Lannylanolin
4

The "Manage public bucket policies for this bucket" section needs to be unchecked in order to introduce "Allow" policies.

But be cautious: unchecking these might enable you to introduce a policy, but that policy is a public policy, making your bucket public.

Having these checked, you won't be able to introduce "Allow" policies for this bucket.

You can however introduce "Deny" policies, with these options checked.

Leopardi answered 30/12, 2018 at 19:58 Comment(0)
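
An offline sketch of the rule the answers above are describing (an added example, not code from this thread or from AWS): with `BlockPublicPolicy` enabled, saving a bucket policy is rejected when the policy counts as public, while Deny statements and grants to a fixed principal still save. The classifier is a simplified model of AWS's documented definition of a public policy; the function names, the condition-key subset, and the bucket, account and distribution values are assumptions.

```python
# Simplified offline model of S3's "is this bucket policy public?" check.
# Assumption: a subset of the condition keys AWS documents as fixed-value restrictions.
FIXED_VALUE_KEYS = {"aws:sourcearn", "aws:sourceaccount", "aws:sourcevpc",
                    "aws:sourcevpce", "aws:principalorgid"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    """True for "*" or a mapping such as {"AWS": "*"}."""
    if isinstance(principal, dict):
        return any(p == "*" for v in principal.values() for p in _as_list(v))
    return principal == "*"

def _pinned_by_condition(condition):
    """True if an exact-match condition ties access to a wildcard-free fixed value."""
    for operator, tests in (condition or {}).items():
        if operator.lower() not in ("stringequals", "arnequals"):
            continue
        for key, values in tests.items():
            if key.lower() in FIXED_VALUE_KEYS and not any(
                    c in str(v) for v in _as_list(values) for c in "*?"):
                return True
    return False

def public_statements(policy):
    """Return the Sid (or index) of each Allow statement that grants public access."""
    found = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never make a policy public
        open_to_all = "NotPrincipal" in stmt or _wildcard_principal(stmt.get("Principal"))
        if open_to_all and not _pinned_by_condition(stmt.get("Condition")):
            found.append(stmt.get("Sid", i))
    return found

def save_would_be_denied(policy, block_public_policy):
    """BlockPublicPolicy=true rejects a policy only when the policy is public."""
    return block_public_policy and bool(public_statements(policy))

# Constructed sample policies; bucket name, account id and distribution id are placeholders.
STATIC_SITE = {"Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}
CLOUDFRONT_ONLY = {"Statement": [{"Sid": "CloudFrontRead", "Effect": "Allow",
    "Principal": {"Service": "cloudfront.amazonaws.com"}, "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*", "Condition": {"StringEquals": {
        "AWS:SourceArn": "arn:aws:cloudfront::111122223333:distribution/EXAMPLEID"}}}]}
if __name__ == "__main__":
    print(save_would_be_denied(STATIC_SITE, True), save_would_be_denied(CLOUDFRONT_ONLY, True))
```

Running `public_statements` on a policy before deployment shows which statements would require Block Public Access to be relaxed, and which policies save with it left on.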
2

The accepted answer works even if related comments suggest it's not a good idea for security reasons. In fact it is in line with AWS instructions for static website hosting here

https://docs.aws.amazon.com/AmazonS3/latest/userguide/HostingWebsiteOnS3Setup.html

which answers the OP's question.

To summarise the steps (given in the linked page) to configure a static website on Amazon S3:

  1. Create a bucket
  2. Enable static website hosting
  3. Unblock all public access
  4. Add the bucket policy that makes your content publicly available (the yaml config you have in your post)
  5. Configure your index document (usually index.html)
  6. Configure any error/redirect/no-auth documents (for React this is usually also index.html)
Mcgrath answered 12/10, 2021 at 20:59 Comment(2)
While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - From Review - Scalping
Thanks @Dom. I've edited my answer accordingly. The linked page goes into greater detail but hopefully there is enough here to confirm that indeed allowing public access is what is officially recommended by AWS. - Mcgrath
1

If your bucket policy grants public access, check if S3 Block Public Access is enabled on the bucket.

Weisbrodt answered 10/9, 2022 at 18:21 Comment(0)
1

This just recently popped up for us as an error when deploying new static site stacks to S3. Apparently defaults for new S3 buckets recently changed: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-faq.html We're deploying via serverless and had to add some config to the S3 bucket definition to get past the issue:

Resources:
   StaticSite:
     Type: AWS::S3::Bucket
     Properties:
       PublicAccessBlockConfiguration:
         BlockPublicPolicy: false
Adeline answered 27/4, 2023 at 13:57 Comment(0)
0

Changing the permissions to the below works for me: (image)

Exuberance answered 4/3, 2021 at 20:34 Comment(1)
Surely the 2nd option is more encompassing than the first, "ANY" vs "NEW", so surely you would have to uncheck the second option too? - Icebound
