gonzadocarmo / teamcity-s3-plugin

Apache License 2.0

[Empty S3 bucket:<bucket-name>] Failed: Access Denied #1

Closed paulblyth closed 5 years ago

paulblyth commented 7 years ago

Hi - I get the following error when trying to empty a bucket before uploading the artifacts:

[Empty S3 bucket: <bucket-name>] Failed: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: F9047D1EDDDC5F85)
[Empty S3 bucket: <bucket-name>] Failed: null

The bucket is emptied though, which is strange? Can you suggest something I'm doing wrong? Maybe an example IAM policy for what I need - although I currently have s3:* on the actions - and if I don't check the empty bucket setting, the deployment works fine.

Thanks, Paul

paulblyth commented 7 years ago

So it was just an IAM policy issue. I've attached my policy below for reference in case anyone ends up in the same situation:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketVersions"
            ],
            "Resource": [
                "arn:aws:s3:::bucket"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:GetBucketVersioning",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::bucket/*"
            ]
        }
    ]
}

Happy to close this if you've nothing further to add.

gonzadocarmo commented 7 years ago

Looks like I forgot to add this to the README. Feel free to submit a PR if interested. If not, I'll update it. Pls let me know. Thx!

KaceyGambill commented 5 years ago

@paulblyth were you able to just put that in the specific bucket policy? I've been trying to figure out what I was doing wrong, but it's not letting me put that in the Bucket Policy without a "principal" and then when I add the "principal" I get a message saying invalid "action", which I've narrowed down to "s3":"ListAllMyBuckets".
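
Added example (not part of the original thread and not the plugin's code): a small Python check showing why the identity policy posted earlier in this thread is rejected when pasted into a bucket policy. The bucket name `bucket` comes from the posted policy; the principal ARN (account ID and role name) is a placeholder assumption.

```python
ACCOUNT_LEVEL = {"s3:listallmybuckets"}  # constructed set: only the action named in the thread

def as_list(value):
    """IAM accepts a string or a list for Action/Resource/Statement; normalise to a list."""
    return list(value) if isinstance(value, (list, tuple)) else [value]

def bucket_policy_problems(policy, bucket):
    """Return (statement index, problem) pairs that make `policy` invalid as the
    resource-based policy attached to `bucket`."""
    arn, problems = f"arn:aws:s3:::{bucket}", []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            problems.append((i, "missing Principal"))  # bucket policies must name who is allowed
        for action in as_list(stmt.get("Action", [])):
            if action.lower() in ACCOUNT_LEVEL:  # action names are case-insensitive
                problems.append((i, f"invalid action {action}"))
        for res in as_list(stmt.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                problems.append((i, f"resource outside bucket {res}"))
    return problems

def allow(actions, resources, **extra):
    return {"Effect": "Allow", "Action": actions, "Resource": resources, **extra}

# The identity (IAM user/role) policy posted in the thread, unchanged.
THREAD_POLICY = {"Version": "2012-10-17", "Statement": [
    allow(["s3:GetBucketLocation", "s3:ListAllMyBuckets"], "arn:aws:s3:::*"),
    allow(["s3:ListBucket", "s3:ListBucketVersions"], ["arn:aws:s3:::bucket"]),
    allow(["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning",
           "s3:DeleteObject", "s3:DeleteObjectVersion"], ["arn:aws:s3:::bucket/*"]),
]}

# Placeholder principal (assumption): substitute the role or user TeamCity runs as.
PRINCIPAL = {"AWS": "arn:aws:iam::111122223333:role/teamcity-agent"}

# Bucket-policy form: Principal added, first statement pinned to the bucket, and
# s3:ListAllMyBuckets left out (it can only be granted in the identity policy).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    allow(["s3:GetBucketLocation"], "arn:aws:s3:::bucket", Principal=PRINCIPAL),
    *[{**s, "Principal": PRINCIPAL} for s in THREAD_POLICY["Statement"][1:]],
]}

if __name__ == "__main__":
    for index, problem in bucket_policy_problems(THREAD_POLICY, "bucket"):
        print(f"statement {index}: {problem}")
    print("bucket-policy form problems:", bucket_policy_problems(BUCKET_POLICY, "bucket"))
```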

gonzadocarmo commented 5 years ago

The README has been updated with a policy example and instructions. Please feel free to submit a PR with feedback to improve it if needed. Thx!

paulblyth commented 5 years ago

Hi @KaceyGambill ! Sorry for not getting back to you sooner. I'm afraid I don't have access to the project I used this plugin on, but I'll assume I did what has been added to the docs given the existence of ListAllMyBuckets.

@gonzadocarmo sorry I should have created a PR with a docs update when I ran into the issue - that's my bad.