brief-car-60542
05/10/2023, 9:52 PM
* error creating S3 bucket ACL for <bucket name>: AccessDenied: Access Denied
lemon-agent-27707
05/10/2023, 10:15 PM
brief-car-60542
05/10/2023, 10:41 PM
salmon-account-74572
05/10/2023, 11:20 PM
brief-car-60542
05/10/2023, 11:57 PM
const webBucket = new aws.s3.BucketV2(
  webS3Name,
  {
    tags: {
      Environment: configEnvironment,
      Name: webS3Name,
    },
  },
  { provider: config.providers[configEnvironment] as aws.Provider },
);
const bucketOwnershipControls = new aws.s3.BucketOwnershipControls(
  `${webS3Name}-OwnershipControls`,
  {
    bucket: webBucket.id,
    rule: {
      objectOwnership: 'BucketOwnerPreferred',
    },
  },
  { provider: config.providers[configEnvironment] as aws.Provider },
);
new aws.s3.BucketPolicy(
  `${webS3Name}-BucketPolicy`,
  {
    bucket: webBucket.id,
    policy: allowPulicAccessPolicyDocument.apply((allowPulicAccessPolicyDocument) => {
      return allowPulicAccessPolicyDocument.json;
    }),
  },
  { provider: config.providers[configEnvironment] as aws.Provider },
);
new aws.s3.BucketAclV2(
  `${webS3Name}-AclV2`,
  {
    acl: 'public-read',
    bucket: webBucket.id,
  },
  {
    dependsOn: [bucketOwnershipControls, bucketPublicAccessBlock],
    provider: config.providers[configEnvironment] as aws.Provider,
  },
);
salmon-account-74572
05/11/2023, 12:01 AM
bucketPublicAccessBlock referenced in the dependsOn, but I don’t see it defined here…?
brief-car-60542
05/11/2023, 12:04 AM
const bucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(
  `${webS3Name}-accessBlock`,
  {
    blockPublicAcls: true,
    blockPublicPolicy: true,
    bucket: webBucket.id,
    ignorePublicAcls: true,
    restrictPublicBuckets: true,
  },
  { provider: config.providers[configEnvironment] as aws.Provider },
);
salmon-account-74572
05/11/2023, 4:11 AM
blockPublicAcls: true to blockPublicAcls: false
ignorePublicAcls should also be false
brief-car-60542
05/11/2023, 5:13 AM
salmon-account-74572
05/11/2023, 3:24 PM