Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
b
brief-car-60542
05/10/2023, 9:52 PMI am getting access denied error when trying to create public web hosting S3 by fellow this example: https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketaclv2/#with-public-read-acl
* error creating S3 bucket ACL for <bucket name>: AccessDenied: Access Deniedl
lemon-agent-27707
05/10/2023, 10:15 PMHow are you configuring your AWS credentials?
b
brief-car-60542
05/10/2023, 10:41 PMWith providers,
I think my cert config is working, because I am able to generate all other resources, expect this ACL one.
Unless there is special cred work needs to be done.
s
salmon-account-74572
05/10/2023, 11:20 PMCan you share your code?
b
brief-car-60542
05/10/2023, 11:57 PMYes
const webBucket = new aws.s3.BucketV2(
webS3Name,
{
tags: {
Environment: configEnvironment,
Name: webS3Name,
},
},
{ provider: config.providers[configEnvironment] as aws.Provider },
);
const bucketOwnershipControls = new aws.s3.BucketOwnershipControls(
`${webS3Name}-OwnershipControls`,
{
bucket: webBucket.id,
rule: {
objectOwnership: 'BucketOwnerPreferred',
},
},
{ provider: config.providers[configEnvironment] as aws.Provider },
);
new aws.s3.BucketPolicy(
`${webS3Name}-BucketPolicy`,
{
bucket: webBucket.id,
policy: allowPulicAccessPolicyDocument.apply((allowPulicAccessPolicyDocument) => {
return allowPulicAccessPolicyDocument.json;
}),
},
{ provider: config.providers[configEnvironment] as aws.Provider },
);
new aws.s3.BucketAclV2(
`${webS3Name}-AclV2`,
{
acl: 'public-read',
bucket: webBucket.id,
},
{
dependsOn: [bucketOwnershipControls, bucketPublicAccessBlock],
provider: config.providers[configEnvironment] as aws.Provider,
},
);s
salmon-account-74572
05/11/2023, 12:01 AMI see
bucketPublicAccessBlockdependsOnb
brief-car-60542
05/11/2023, 12:04 AMconst bucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(
`${webS3Name}-accessBlock`,
{
blockPublicAcls: true,
blockPublicPolicy: true,
bucket: webBucket.id,
ignorePublicAcls: true,
restrictPublicBuckets: true,
},
{ provider: config.providers[configEnvironment] as aws.Provider },
);here
s
salmon-account-74572
05/11/2023, 4:11 AMI think you need to change
blockPublicAcls: trueblockPublicAcls: falseAnd I think that
ignorePublicAclsfalseb
brief-car-60542
05/11/2023, 5:13 AMThanks!
s
salmon-account-74572
05/11/2023, 3:24 PMHappy to help!