Hi I am following the steps to Enroll a Admin User from here https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/get-started-enroll-admin.html
The step to copy a preconfig'd cert from a S3 location to my EC2 fails with Forbidden.
I have checked my role for permissions, that is attached to the EC2. The perms look like this:
{ "Sid": "AccessManagedBlockchainBucket", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::us-east-1.managedblockchain/*" },
I get this:
[xxxx@ip-xxxxx~]$ aws s3 cp s3://us-east-1.managedblockchain/etc/managedblockchain-tls-chain.pem /home/ec2-user/managedblockchain-tls-chain.pem fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden
Any pointers on what is wrong with the s3 cp still?
Hmmm I will continue to troubleshoot, but I have the ListBucket action also mentioned in the policy, which is attached to the role, which is attached to the EC2 instance. The right arn on s3 is also in the policy. Maybe I need to look at my aws cli config - checked that and its referring to the right region.