https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# pulumi-deployments
s
This message was deleted.
l
How are you configuring your AWS credentials?
b
With providers, I think my cert config is working, because I am able to generate all other resources, expect this ACL one. Unless there is special cred work needs to be done.
s
Can you share your code?
b
Yes
Copy code
const webBucket = new aws.s3.BucketV2(
    webS3Name,
    {
      tags: {
        Environment: configEnvironment,
        Name: webS3Name,
      },
    },
    { provider: config.providers[configEnvironment] as aws.Provider },
  );  
const bucketOwnershipControls = new aws.s3.BucketOwnershipControls(
    `${webS3Name}-OwnershipControls`,
    {
      bucket: webBucket.id,
      rule: {
        objectOwnership: 'BucketOwnerPreferred',
      },
    },
    { provider: config.providers[configEnvironment] as aws.Provider },
  );

  new aws.s3.BucketPolicy(
    `${webS3Name}-BucketPolicy`,
    {
      bucket: webBucket.id,
      policy: allowPulicAccessPolicyDocument.apply((allowPulicAccessPolicyDocument) => {
        return allowPulicAccessPolicyDocument.json;
      }),
    },
    { provider: config.providers[configEnvironment] as aws.Provider },
  );

  new aws.s3.BucketAclV2(
    `${webS3Name}-AclV2`,
    {
      acl: 'public-read',
      bucket: webBucket.id,
    },
    {
      dependsOn: [bucketOwnershipControls, bucketPublicAccessBlock],
      provider: config.providers[configEnvironment] as aws.Provider,
    },
  );
s
I see 
bucketPublicAccessBlock
referenced in the 
dependsOn
, but I don’t see it defined here…?
b
Copy code
const bucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(
    `${webS3Name}-accessBlock`,
    {
      blockPublicAcls: true,
      blockPublicPolicy: true,
      bucket: webBucket.id,
      ignorePublicAcls: true,
      restrictPublicBuckets: true,
    },
    { provider: config.providers[configEnvironment] as aws.Provider },
  );
here
s
I think you need to change 
blockPublicAcls: true
to 
blockPublicAcls: false
And I think that 
ignorePublicAcls
should also be 
false
b
Thanks!
s
Happy to help!
6 Views
Open in Slack
PreviousNext
Powered by