CloudFormation - s3:PutBucketAcl Access Denied

Question

I am updating a simple CloudFormation Stacks, for update ACL

Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead

The CloudFormation is using the next role and assuming it:

AmazonS3FullAccess:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "*"
        }
    ]
}

But when submitting the update the stack always appears:

MyS3Bucket	
UPDATE_FAILED
API: s3:PutBucketAcl Access Denied

![Enter image description here](/media/postImages/original/IMGumYFYYWRcer4y0epwlz8Q)

Accepted Answer

Hi!
Are you trying to add a PublicRead Policy? If so, have you turned off the bucket's S3 Block Public Access feature - if enabled?

**S3 Block Public Access settings**
If the failed request involves public access or public policies, then check the S3 Block Public Access settings on your account, bucket, or S3 access point. Starting in April 2023, all Block Public Access settings are enabled by default for new buckets.

Here are some coomon causes and resolution(s) for S3 buckets:
[Troubleshoot Access Denied (403 Forbidden) errors in Amazon S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/troubleshoot-403-errors.html)

CloudFormation - s3:PutBucketAcl Access Denied

관련 콘텐츠