Trying to create an Amazon Web Services - S3 bucket policy, but when running the script I get the following error. Where exactly is my access being denied? Could this issue relate to how I set up my aws configur
Traceback (most recent call last):
File "C:\Users\*****\githubb\aws\s3operations.py", line 40, in <module>
print(create_bucket_policy())
File "C:\Users\Patrick\githubb\aws\s3operations.py", line 36, in create_bucket_policy
Policy=policy_string
File "C:\Users\Patrick\Python36\lib\site-packages\botocore\client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "C:\Users\Patrick\Python36\lib\site-packages\botocore\client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occur
red (AccessDenied) when calling the PutBucketPolicy operation: Access Denied
The following is my script:
import boto3
import json
BUCKET_NAME ='patricksbucket'
def s3_client():
s3 = boto3.client('s3')
""":type : pyboto3.s3"""
return s3
def create_bucket(bucket_name):
return s3_client().create_bucket(
Bucket=bucket_name,
CreateBucketConfiguration={
'LocationConstraint': 'us-east-2'
}
)
def create_bucket_policy():
bucket_policy = {
"Vesrion": "2012-10-17",
"Statement":[
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action":["s3:*"],
"Resource":["arn:aws:s3:::patricksbucket/*"]
}
]
}
policy_string = json.dumps(bucket_policy)
return s3_client().put_bucket_policy(
Bucket=BUCKET_NAME,
Policy=policy_string
)
if __name__ == '__main__':
#print(create_bucket(BUCKET_NAME))
print(create_bucket_policy())
It could happens because of several reasons although mainly related to your credentials or your policy. Anyway, you just follow the permission specifications that say how to grant everything with a wildcard as I see in your code
An example from Amazon Docs can shed a light
"Action": "*"
"Action": "s3:*"
The other reason, additional to the one above, is your credentials. For example, if you use AWS CLI
$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json
Hope it helps (:
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments