https://pulumi.com logo
#aws
Title
# aws
d

dazzling-sundown-39670

10/26/2020, 5:52 PM
Trying to create a user and a bucket where the user has been granted permission on the bucket but I'm getting this error:
Error putting S3 Grants: InvalidArgument: Invalid id
. I've been looking at this: https://www.pulumi.com/docs/reference/pkg/aws/s3/bucket/#using-acl-policy-grants Any suggestions? Code in comments ➡️
Copy code
const user = new aws.iam.User('backup-user');
const accessKey = new aws.iam.AccessKey(
  'backup-user-access-key',
  {
    user: user.name,
  },
  {
    parent: user,
  },
);
const bucket = new aws.s3.Bucket(
  'backup-bucket',
  {
    grants: [
      {
        id: user.id, // also tried user.uniqueId
        type: 'CanonicalUser',
        permissions: ['FULL_CONTROL'],
      },
      {
        type: 'Group',
        permissions: ['READ', 'WRITE'],
        uri: '<http://acs.amazonaws.com/groups/s3/LogDelivery>',
      },
    ],
  },
  {
    parent: user,
  },
);
b

breezy-butcher-78604

10/27/2020, 7:27 AM
S3 grants are for giving access to entire AWS accounts (not IAM users within an account). The error you're getting is because S3 is expecting a Canonical User ID and you're giving it the ID of an IAM users. If the IAM user belongs to the same account that the bucket belongs to, you don't actually need to make any changes to the bucket to allow it access. By default all S3 buckets allow all users/principals from the same account access to the bucket assuming the specified user/principal is allowed access to the bucket.
so in order to achieve what I think you're trying to do, you just need to attach a policy to your IAM user that allows it access to your bucket. the bucket itself won't need any additional configuration for grants/policies
d

dazzling-sundown-39670

10/27/2020, 7:44 AM
b

breezy-butcher-78604

10/27/2020, 7:47 AM
yep, exactly 👍
d

dazzling-sundown-39670

10/27/2020, 1:11 PM
@breezy-butcher-78604 I got it all sorted btw! Thanks for the assist 🙏
b

breezy-butcher-78604

10/27/2020, 1:24 PM
No problem, glad I could help
4 Views