I'm attempting to create an S3 bucket with a policy that disallows uploading anything from a particular public IP. It's written in YAML. Below is the code. Unfortunately I get this error:
The specified bucket does not exist. The bucket name sections match. Any idea what I am missing?
```yaml
Resources:
  TestS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: test4.test.bucket
  TestS3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: TestS3Bucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Sid: SingleIPAllow
            Effect: Deny
            Principal: "*"
            Action: s3:PutObject
            Resource: arn:aws:s3:::test4.test.bucket
            Condition:
              NotIpAddress:
                aws:SourceIp: "***.***.***.***"
```
The BucketPolicy resource needs to point to a reference of the bucket. If you change your CloudFormation template to the following, it should work. Note the attribute Bucket: !Ref TestS3Bucket in the TestS3BucketPolicy Properties.
```yaml
Resources:
  TestS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: test4.test.bucket
  TestS3BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TestS3Bucket  # You need the !Ref here: it resolves to the bucket's name
      PolicyDocument:
        Version: "2012-10-17"  # quoted so the YAML parser does not read it as a date
        Statement:
          - Sid: SingleIPAllow
            Effect: Deny
            Principal: "*"
            Action: s3:PutObject
            # s3:PutObject is an object-level action, so the Resource must be the object ARN (/*)
            Resource: arn:aws:s3:::test4.test.bucket/*
            Condition:
              NotIpAddress:
                aws:SourceIp: "***.***.***.***"
```
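As an added example (not code from the question or the answer), the following Python script checks a parsed CloudFormation template for the two things a reviewer would look for in this policy: a BucketPolicy whose Bucket is a bare logical ID instead of a Ref, and an s3:PutObject statement whose Resource is the bucket ARN rather than an object ARN. The template is given in the JSON-style dict form CloudFormation builds from YAML (`!Ref X` becomes `{"Ref": "X"}`); the IP 203.0.113.7/32 is a constructed placeholder.

```python
import copy

S3_BUCKET = "AWS::S3::Bucket"
S3_BUCKET_POLICY = "AWS::S3::BucketPolicy"

def _as_list(value):
    # IAM policy grammar lets Statement, Action and Resource be one item or a list.
    return value if isinstance(value, list) else [value]

def lint_bucket_policies(template: dict) -> list[str]:
    """Return findings for every AWS::S3::BucketPolicy; [] means nothing found."""
    resources = template.get("Resources", {})
    findings: list[str] = []
    for name, res in resources.items():
        if res.get("Type") != S3_BUCKET_POLICY:
            continue
        props = res.get("Properties", {})
        bucket = props.get("Bucket")
        # The question's bug: a bare logical ID reaches S3 as a literal bucket name,
        # so S3 replies "The specified bucket does not exist".
        if isinstance(bucket, str) and bucket in resources:
            findings.append(f"{name}: Bucket is the literal string {bucket!r}; use !Ref {bucket}")
        elif isinstance(bucket, dict) and resources.get(bucket.get("Ref"), {}).get("Type") != S3_BUCKET:
            findings.append(f"{name}: Bucket does not reference an {S3_BUCKET} in this template")
        for stmt in _as_list(props.get("PolicyDocument", {}).get("Statement", [])):
            actions = _as_list(stmt.get("Action", []))
            arns = [a for a in _as_list(stmt.get("Resource", [])) if isinstance(a, str)]
            # s3:PutObject is object-level: a bare bucket ARN matches no object, so a Deny
            # written that way protects nothing (S3 rejects the policy on upload).
            if "s3:PutObject" in actions and not any("/" in a for a in arns):
                findings.append(f"{name}/{stmt.get('Sid', '?')}: s3:PutObject needs an object ARN (.../*)")
    return findings

# Constructed sample: the question's template, with Bucket as a bare logical ID.
BROKEN = {"Resources": {
    "TestS3Bucket": {"Type": S3_BUCKET, "Properties": {"BucketName": "test4.test.bucket"}},
    "TestS3BucketPolicy": {"Type": S3_BUCKET_POLICY, "Properties": {
        "Bucket": "TestS3Bucket",
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Sid": "SingleIPAllow", "Effect": "Deny", "Principal": "*",
            "Action": "s3:PutObject", "Resource": "arn:aws:s3:::test4.test.bucket",
            "Condition": {"NotIpAddress": {"aws:SourceIp": "203.0.113.7/32"}}}]}}}}}

def fixed_template() -> dict:
    # The answer's fix ({"Ref": ...}) plus an object-level ARN for PutObject.
    t = copy.deepcopy(BROKEN)
    props = t["Resources"]["TestS3BucketPolicy"]["Properties"]
    props["Bucket"] = {"Ref": "TestS3Bucket"}
    props["PolicyDocument"]["Statement"][0]["Resource"] = "arn:aws:s3:::test4.test.bucket/*"
    return t
```

Running `lint_bucket_policies` on BROKEN reports both problems; on `fixed_template()` it reports none.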