udacity / cd12101-lesson-demos-and-exercise-starters-solutions

cd12101 Lesson Demos and Exercises Starter and Solution code

Missing S3 buckets permission in YAML declaration #166

Open jungleBadger opened 10 months ago

jungleBadger commented 10 months ago

Summary

The sls deploy command fails due to a permission error on S3 Bucket resources.


Path

lesson-3-events-processing/exercises/02-return-presigned-url-starter/backend/serverless.yml

File

serverless.yml

Explanation

The S3 bucket declaration for the Attachments bucket with a Policy for the referenced file and exercises onwards must include the attribute declaration to avoid a permission error upon creation.

Proposed solution

Add the PublicAccessBlockConfiguration object under the Properties section, as highlighted below.


Here is the complete resource declaration for reference:

    AttachmentsBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:provider.environment.IMAGES_S3_BUCKET}
        PublicAccessBlockConfiguration:
          BlockPublicPolicy: false
          RestrictPublicBuckets: false
        CorsConfiguration:
          CorsRules:
            -
              AllowedOrigins:
                - '*'
              AllowedHeaders:
                - '*'
              AllowedMethods:
                - GET
                - PUT
                - POST
                - DELETE
                - HEAD
              MaxAge: 3000

    BucketPolicy:
      Type: AWS::S3::BucketPolicy
      Properties:
        PolicyDocument:
          Id: MyPolicy
          Version: "2012-10-17"
          Statement:
            - Sid: PublicReadForGetBucketObjects
              Effect: Allow
              Principal: '*'
              Action: 's3:GetObject'
              Resource: 'arn:aws:s3:::${self:provider.environment.IMAGES_S3_BUCKET}/*'
        Bucket: !Ref AttachmentsBucket

jungleBadger commented 10 months ago

Removing the BucketPolicy declaration doesn't seem to break the functionality, but it requires further testing.
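
A pre-deploy check for the situation discussed in this issue, added here as an example (it is not code from the issue or from the course repository). It takes the template's resources as an already-parsed dict and reports, for each bucket policy that allows `Principal: '*'`, whether S3 would reject the policy (the deploy error above) or whether the policy would attach and leave the objects readable by anyone. The function names and outcome labels are hypothetical, policy `Condition` blocks are ignored, and a missing `BlockPublicPolicy` key is assumed to count as enabled.

```python
# Added example: static check over the `resources` of a serverless.yml /
# CloudFormation template that has already been parsed into a dict.

def is_public(principal):
    """True for Principal '*' or {'AWS': '*'} (also inside a list)."""
    if isinstance(principal, dict):
        principal = principal.get("AWS")
    if isinstance(principal, list):
        return "*" in principal
    return principal == "*"

def check_public_policies(resources):
    """Return (policy, bucket, sids, outcome) for every public bucket policy."""
    findings = []
    for name, res in resources.items():
        if res.get("Type") != "AWS::S3::BucketPolicy":
            continue
        props = res.get("Properties", {})
        stmts = props.get("PolicyDocument", {}).get("Statement", [])
        if isinstance(stmts, dict):
            stmts = [stmts]
        sids = [s.get("Sid", "<no Sid>") for s in stmts
                if s.get("Effect") == "Allow" and is_public(s.get("Principal"))]
        if not sids:
            continue
        ref = props.get("Bucket")
        bucket = ref.get("Ref") if isinstance(ref, dict) else ref
        target = resources.get(bucket, {}) if isinstance(bucket, str) else {}
        pab = target.get("Properties", {}).get("PublicAccessBlockConfiguration", {})
        # Assumption: a missing BlockPublicPolicy key counts as enabled.
        if pab.get("BlockPublicPolicy", True) is False:
            outcome = "public"          # policy attaches; access is anonymous
        else:
            outcome = "deploy-blocked"  # S3 rejects the public policy
        findings.append((name, bucket, sids, outcome))
    return findings

# Constructed sample mirroring the two resources in the issue (CORS omitted).
SAMPLE = {
    "AttachmentsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketName": "${self:provider.environment.IMAGES_S3_BUCKET}",
        "PublicAccessBlockConfiguration": {
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}},
    "BucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": {"Ref": "AttachmentsBucket"},
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Sid": "PublicReadForGetBucketObjects", "Effect": "Allow",
            "Principal": "*", "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::${self:provider.environment.IMAGES_S3_BUCKET}/*"}]}}},
}
```

With the declaration from the issue the result is a single `public` finding; dropping `PublicAccessBlockConfiguration` turns it into `deploy-blocked`, and dropping the `BucketPolicy` resource yields no findings.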