Cannot create an Environment because of

0

I tried to create an MWAA Environment.
But I couldn't because of this error.

Error: error creating MWAA Environment: ValidationException: Unable to check PublicAccessBlock configuration for the account MY AWS ACCOUNT ID: Access Denied (Service: S3Control, Status Code: 403, Request ID: B0C335WJPKE3X4N9, Extended Request ID: 0kRvvV6plctbztoNhIEmJkiQzS8gL4CCrNnLCSE+GCqUdLgkHVSuMQDxvsiBORmzONL1kHNtqkc=)

At first, I tried it using Terraform v0.14.3 and its AWS Provider v3.36.
After that, I tried the same using AWS Management Console and faced the same error.

How can I solve the problem?

I'm not sure if it's related, but here are the Policies attached with the execution role for the Environment.

Assume Role Policy:
Actions:
sts:AssumeRole
Principals
Services = "airflow-env.amazonaws.com", "airflow.amazonaws.com"

Attched Policy:
Actions:
** s3:GetBucket**
** s3:GetObject**
** s3:List**

Resources:
arn:aws:s3:::BUCKET_NAME
arn:aws:s3:::BUCKET_NAME/*

Edited by: yuyatakeyama on Apr 11, 2021 10:55 AM

asked 4 years ago1841 views
1 Answer
0

I solved it by myself.
I needed to enable "Block all public access" for the S3 bucket storing DAGs.

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions