lalalilo / aws-spa

A no-brainer script to deploy a single page app on AWS
41 stars 3 forks source link

[Bug] Access denied when allowing public reads on newly created bucket #56

Open iamogbz opened 6 months ago

iamogbz commented 6 months ago

Failure while deploying build using aws-spa

```
[S3] ✏️ Allow public read to "s3.bucket.domain"...
💥 Access Denied
```

Reason: the initial bucket creation has the "Block public access (bucket settings) - All" setting enabled.

Can be fixed by adding a remove block public access step before the allow public read bucket policy update.

```ts
export const setBucketPolicy = async (bucketName: string) => {
  logger.info(`[S3] ✏️ Allow public read to "${bucketName}"...`);
  // remove public access block
  await s3
    .putPublicAccessBlock({
      Bucket: bucketName,
      PublicAccessBlockConfiguration: {
        BlockPublicAcls: false,
        IgnorePublicAcls: false,
        BlockPublicPolicy: false,
        RestrictPublicBuckets: false,
      },
    })
    .promise();
  // allow public reads
  return s3
    .putBucketPolicy({
      Bucket: bucketName,
      Policy: JSON.stringify({
        Statement: [
          {
            Sid: "AllowPublicRead",
            Effect: "Allow",
            Principal: {
              AWS: "*",
            },
            Action: "s3:GetObject",
            Resource: `arn:aws:s3:::${bucketName}/*`,
          },
        ],
      }),
    })
    .promise();
};
```

at

https://github.com/lalalilo/aws-spa/blob/6031af3838ea23e07759e3a3eafe93e8f38cea12/src/s3.ts#L117-L137
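
The following added example, which is not code from the issue or from aws-spa, models how the four Block Public Access settings treat the policy above and computes the smallest change that lets it apply: only the two policy-related settings need to be off, while the two ACL settings can stay enabled. The type and function names and the `example-bucket` name are assumptions, and the public-statement test is a simplification of S3's own evaluation.

```typescript
// Added example, not aws-spa code: pure functions, no AWS calls are made.
type PublicAccessBlock = {
  BlockPublicAcls: boolean; IgnorePublicAcls: boolean;
  BlockPublicPolicy: boolean; RestrictPublicBuckets: boolean;
};
type PolicyStatement = {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: "*" | { AWS: string | string[] };
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, unknown>;
};

// Simplified test (assumption): a statement is public when it is an
// unconditional Allow to "*". S3's own evaluation is more detailed.
const isPublicStatement = (s: PolicyStatement): boolean => {
  if (s.Effect !== "Allow" || s.Condition) return false;
  if (s.Principal === "*") return true;
  return ([] as string[]).concat(s.Principal.AWS).indexOf("*") !== -1;
};

// Predict how a block configuration treats a policy-based public read.
const evaluateBlock = (pab: PublicAccessBlock, statements: PolicyStatement[]) => {
  const isPublic = statements.some(isPublicStatement);
  return {
    // BlockPublicPolicy rejects PutBucketPolicy for a public policy (Access Denied).
    putBucketPolicyDenied: isPublic && pab.BlockPublicPolicy,
    // RestrictPublicBuckets keeps anonymous readers out even once the policy is stored.
    anonymousReadServed: isPublic && !pab.RestrictPublicBuckets,
  };
};

// Smallest change for a public-read policy: turn off the two policy-related
// settings only; the two ACL settings keep whatever value they had.
const minimalUnblock = (pab: PublicAccessBlock): PublicAccessBlock => ({
  ...pab,
  BlockPublicPolicy: false,
  RestrictPublicBuckets: false,
});

// Constructed sample: the all-enabled state from the report and the issue's policy.
const allEnabled: PublicAccessBlock = {
  BlockPublicAcls: true, IgnorePublicAcls: true,
  BlockPublicPolicy: true, RestrictPublicBuckets: true,
};
const publicRead: PolicyStatement[] = [{
  Sid: "AllowPublicRead", Effect: "Allow", Principal: { AWS: "*" },
  Action: "s3:GetObject", Resource: "arn:aws:s3:::example-bucket/*",
}];
```

The object returned by `minimalUnblock` has the same shape as the `PublicAccessBlockConfiguration` passed to `putPublicAccessBlock` in the snippet above.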

GregdTd commented 1 month ago

Should be resolved by: https://github.com/lalalilo/aws-spa/pull/58