AWS - S3 - Creating a Bucket Policy - Error: Access Denied

0004 Published at Dev

0004

Trying to create an Amazon Web Services - S3 bucket policy, but when running the script I get the following error. Where exactly is my access being denied? Could this issue relate to how I set up my aws configur

Traceback (most recent call last):
  File "C:\Users\*****\githubb\aws\s3operations.py", line 40, in <module>
    print(create_bucket_policy())
  File "C:\Users\Patrick\githubb\aws\s3operations.py", line 36, in create_bucket_policy
    Policy=policy_string
  File "C:\Users\Patrick\Python36\lib\site-packages\botocore\client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "C:\Users\Patrick\Python36\lib\site-packages\botocore\client.py", line 661, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occur

red (AccessDenied) when calling the PutBucketPolicy operation: Access Denied

The following is my script:

import boto3
import json

BUCKET_NAME ='patricksbucket'

def s3_client():
    s3 = boto3.client('s3')
    """:type : pyboto3.s3"""
    return s3

def create_bucket(bucket_name):
    return s3_client().create_bucket(
        Bucket=bucket_name,
        CreateBucketConfiguration={
            'LocationConstraint': 'us-east-2'
            }
        )

def create_bucket_policy():
    bucket_policy = {
        "Vesrion": "2012-10-17",
        "Statement":[
            {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action":["s3:*"],
            "Resource":["arn:aws:s3:::patricksbucket/*"]
            }
        ]
    }
    policy_string = json.dumps(bucket_policy)

    return s3_client().put_bucket_policy(
        Bucket=BUCKET_NAME,
        Policy=policy_string
    )
if __name__ == '__main__':
    #print(create_bucket(BUCKET_NAME))
    print(create_bucket_policy())

jslipknot

It could happens because of several reasons although mainly related to your credentials or your policy. Anyway, you just follow the permission specifications that say how to grant everything with a wildcard as I see in your code

An example from Amazon Docs can shed a light

    "Action": "*"
    "Action": "s3:*"

The other reason, additional to the one above, is your credentials. For example, if you use AWS CLI

    $ aws configure
    AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
    AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    Default region name [None]: us-west-2
    Default output format [None]: json

Hope it helps (:

Collected from the Internet

Please contact [email protected] to delete if infringement.