An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied

Serverless Framework
1

Hi all.
I may have wrong configuration and get the error An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied. when I run sls deploy.

To create service, I run serverless create --template aws-nodejs and named it my-service.
Using default serverless.yml, it’s like

service: my-service
provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: ap-northeast-1
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:ListBucket"
      Resource: { "Fn::Join" : ["", ["arn:aws:s3:::", { "Ref" : "ServerlessDeploymentBucket" } ] ]  }
    - Effect: "Allow"
      Action:
        - "s3:PutObject"
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:s3:::"
            - "Ref" : "ServerlessDeploymentBucket"
            - "/*"
functions:
  hello:
    handler: handler.hello
resources:
 Resources:
   NewResource:
     Type: AWS::S3::Bucket
     Properties:
       BucketName: my-new-bucket
 Outputs:
    NewOutput:
      Description: "Description for the output"
      Value: "Some output value"

The handler.js is as is

'use strict';

module.exports.hello = async (event) => {
  return {
    statusCode: 200,
    body: JSON.stringify({
      message: 'Go Serverless v1.0! Your function executed successfully!',
      input: event,
    }, null, 2),
  };

  // Use this code if you don't use the http event with the LAMBDA-PROXY integration
  // return { message: 'Go Serverless v1.0! Your function executed successfully!', event };
};

When I run sls deploy, I get

C:\Users\user\workspace\serverless-test>sls deploy
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Creating Stack...
Serverless: Checking Stack create progress...
....
Serverless: Operation failed!
Serverless: View the full error output: https://ap-northeast-1.console.aws.amazon.com/cloudformation/home?region=ap-northeast-1#/stack/detail?stackId=arn%3Aaws%3Acloudformation%3Aap-northeast-1%3Axxxxxxxxxxxx%3Astack%2Fmy-service-dev%2F4a8d7ce0-71fa-11e9-9190-068e2b92c6b0

  Serverless Error ---------------------------------------

  An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Issues:        forum.serverless.com

  Your Environment Information ---------------------------
     OS:                     win32
     Node Version:           8.11.2
     Serverless Version:     1.41.1

My IAM role has “AdministratorAccess”. I could create s3 bucket via awscli so I believe I have right access.

2

Did any one find solution to this problem.
i did “serverless deploy” i get same error, i have user credentials using which i can create bucket using AWS CLI.

3

I also encountered this problem, with an appropriately permissioned user, when attempting to create to following bucket:

resources:
  Resources:
    SomeBucket:
      Type: AWS::S3::Bucket
      Properties:
        AccessControl: PublicRead
        BucketName: ${self:custom.someBucketName}
        WebsiteConfiguration:
          IndexDocument: index.html

I could, however, create the bucket if I didn’t specify AccessControl: PublicRead. Having done that, I tried to add the access control and the bucket update failed with API: s3:PutBucketAcl Access Denied, so the initial error message wasn’t the whole story.

I found that public access to buckets was being blocked at an account level (https://docs.aws.amazon.com/AmazonS3/latest/dev/creating-access-points.html#access-points-bpa-settings). After changing those settings I was able to create the bucket.