S3 Bucket Policy Got Stricter From Aug 1st?

Question

Dear all,

My AWS account was loading the query output.csv off from AMC (Amazon Marketing Cloud) and the S3 policy below worked just fine:

```
{
    "Version": "2012-10-17",
    "Id": "BucketDeliveryPolicy",
    "Statement": [
        {
            "Sid": "BucketDelivery",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::000000000000:root"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::my-bucket-name/*"
        },
        {
            "Sid": "BucketOwnerAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::111111111111:root"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::my-bucket-name/*",
                "arn:aws:s3:::my-bucket-name"
            ]
        }
    ]
}
```

But since Aug 1st, all the query outputs stopped landing into the S3. 
The transfer was back to normal after I added the following to the existing S3 policy:

{
            "Sid": "DataUploadAccountAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::222222222222:root"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::my-bucket-name/*"
        }

Can anyone help me understand the potential reason for the stricter permission required? I didn't do any change in the AWS account. Seems to me something on the AWS side got updated, forcing the S3 bucket to allow more permission from the AMC instance?

Thanks,
Fang

Gary Mclean · Accepted Answer

No changes on the bucket restritions. Perhaps the Upload process changed the account ID from 000000000000 and you have just had to add the new account ID 22222222222

S3 Bucket Policy Got Stricter From Aug 1st?

Añade tu respuesta

Contenido relevante