I am following the guidelines to create S3 bucket which is served via CloudFront.
S3 bucket does not need a public access, as the content is served from CloudFront.
It seems that CloudFormation does not have the permission to generate the required S3 policy.
Due to that, I receive the following error:
CREATE_FAILED: S3AccessPolicy (AWS::S3::BucketPolicy)
API: s3:PutBucketPolicy Access Denied
Could it be related to the following:
01:34PM - 28 Apr 23 UTC
## What is the issue?
Amazon S3 Buckets have a property called `ObjectOwnersh
## Specifying the S3 Bucket
## Specifying the policies to make sure all files inside the Bucket are avaialble to CloudFront
- Sid: PublicReadGetObject
- Sid: AllowPutBucketPolicy
AWS made changes to S3 bucket access, I created a pull request updating the example:
12:32PM - 27 May 23 UTC
This pull request forces S3 buckets to be private otherwise the deployment fails
Do you know how I can configure this but without using CloudFront?
I’m having the same exact error but I am not using CloudFront and I know it has to do with the
BlockPublicPolicy now as default for new S3 Buckets, but I don’t know how to configure that in my serverless node.js project.
Check this link:
Here are the settings I am using:
# Granting public access to bucket
Bucket: !Ref ImageUploadBucket
- Sid: AllowPublicReadAccess
aws:SecureTransport: 'true' # https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
Just to complete what you mentionned which is true, here’s a blog post i wrote regarding that issue named
How to solve the “api:s3:putbucketpolicy access denied” Error.