Encountering an `Access Denied` error while deploying the Retail Demo Store CloudFormation stack, specifically with the `CleanupBucket` resource.

[shibearati]

Steps to Reproduce

1. Followed the deployment instructions from the Retail Demo Store repository.
2. Created a GitHub Personal Access Token and configured the necessary parameters.
3. Created an S3 staging bucket with the necessary permissions.
4. Ran the CloudFormation stack deployment using the provided command.

Expected Results

The CloudFormation stack should deploy successfully without any errors.

Actual Results

Received the following error: The following resource(s) failed to create: [CleanupBucket]. Rollback requested by user. 2024-07-04 17:37:36 UTC+0530 CleanupBucket CREATE_FAILED S3 error: Access Denied For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html

[shibearati]

Here is the IAM policy attached to my user (admin) { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "", "Resource": "" } ] } and s3 bucket policy is:

{ "Version": "2012-10-17", "Id": "PersonalizeS3BucketAccessPolicy", "Statement": [ { "Sid": "PersonalizeS3BucketAccessPolicy", "Effect": "Allow", "Principal": { "Service": "personalize.amazonaws.com" }, "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::", "arn:aws:s3:::/*" ] } ] }

[BastLeblanc]

We have not encountered this error.

Can you check on your side:

• If you have organisation policies or roles/ploicies that would explicitly denies some actions for your user?
• Which resource was denied to be created, from the error it seems located inside the CleanupBucket sub-stack, is it CleanupBucketLambdaFunction CleanupBucketLambdaExecutionRole or something else?
• Cloudtrail at the time of the error to identify principals and the reason for the denied?