When running serverless deploy I am getting AccessDenied when it is trying to Removing old service artifacts from S3
I am confused on which IAM permissions I should be given my policy. I have already given it full access to S3 so not sure what else I am missing.
Here is my serverless.yml
service: <redacted>
frameworkVersion: "3"
useDotenv: true
variablesResolutionMode: 20210326
disabledDeprecations:
- CLI_OPTIONS_SCHEMA # some Serverless plugins haven't been updated yet and generate warnings
provider:
name: aws
runtime: nodejs12.x
region: ${opt:region, 'us-east-2'}
stage: ${opt:stage, 'development'}
memorySize: 512
timeout: 6
logRetentionInDays: 7
lambdaHashingVersion: 20201221 # for upcoming Serverless v3
deploymentMethod: direct
apiGateway:
shouldStartNameWithService: true # for upcoming Serverless v3
environment:
SERVERLESS_PROJECT: ${self:service}
SERVERLESS_REGION: ${self:provider.region}
SERVERLESS_STAGE: ${self:provider.stage}
APP_DIST_URL: ${self:custom.distBucketUrl.${self:provider.region}, self:custom.distBucketUrl.default}
APP_PUBLIC_URL: ${self:custom.distBucketUrl.${self:provider.region}, self:custom.distBucketUrl.default}
APIGATEWAY_URL:
Fn::Join:
- ""
- - https://
- Ref: ApiGatewayRestApi
- .execute-api.
- Ref: AWS::Region
- .amazonaws.com/
- ${self:provider.stage}
plugins:
- serverless-webpack
- serverless-plugin-scripts
- serverless-offline
- serverless-s3-deploy
functions:
serve:
# Any web request regardless of path or method will be handled by a single Lambda function
handler: handler.serve
events:
- http:
path: /
method: any
cors: true
- http:
path: /{any+}
method: any
cors: true
custom:
distBucketUrl:
us-east-2:
# us-east-1 uses a different URL format than the other regions
Fn::Join:
- ""
- - https://s3.amazonaws.com/
- Ref: DistBucket
default:
# All other regions
Fn::Join:
- ""
- - https://s3-
- Ref: AWS::Region
- .amazonaws.com/
- Ref: DistBucket
scripts:
hooks:
# Build the client-side script before packaging backend code
package:initialize: "npm run build:browser"
deploy:finalize: "npx sls s3deploy --stage ${self:provider.stage}"
webpack:
webpackConfig: "webpack.server.config.js"
assets:
# Automatically copy distribution folder to S3 stopped working; do it manually (see `scripts.hooks.deploy:finalize`)
auto: false
targets:
- bucket:
Ref: DistBucket
acl: public-read
files:
- source: dist/
headers:
CacheControl: max-age=31104000 # 1 year
globs:
- "**/*"
serverless-offline:
useChildProcesses: true
noPrependStageInUrl: true
httpPort: 3000
lambdaPort: 3002
resources:
Resources:
# Customize the API Gateway resource
ApiGatewayRestApi:
Type: AWS::ApiGateway::RestApi
Properties:
# Enable gzip compression
MinimumCompressionSize: 1000
# S3 Bucket for the distribution bundles
DistBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Delete
Properties:
CorsConfiguration:
CorsRules:
- AllowedHeaders:
- "*"
AllowedMethods:
- "GET"
AllowedOrigins:
- Fn::Join:
- ""
- - https://
- Ref: ApiGatewayRestApi
- .execute-api.
- Ref: AWS::Region
- .amazonaws.com
MaxAge: 3000
Outputs:
ApiGatewayRestApi:
Description: API Gateway Endpoint
Value:
Ref: ApiGatewayRestApi
DistBucket:
Description: Distribution S3 Bucket
Value:
Ref: DistBucket```