Cannot enable Load Balancer in Elastic Beanstalk

0

I have an Elastic Beanstalk environment where I deployed a Node.js application. I created this env without a Load Balancer, in single-instance mode. Now I am trying to enable the Load Balancer, but I am facing issues.


1 Answer
0

Hi, it seems that your S3 bucket denied access from your Elastic Beanstalk environment. Try modifying your S3 bucket policy like this (replace 111122223333 with your account ID):

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:root"
      },
      "Action": [
        "s3:ListBucket",
        "s3:ListBucketVersions",
        "s3:GetObject",
        "s3:GetObjectVersion"
      ],
      "Resource": [
        "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333",
        "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333/resources/environments/*"
      ]
    },
    {
      "Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:DeleteBucket",
      "Resource": "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333"
    }
  ]
}
HS
answered 7 months ago
  • This is my current bucket policy, but the issue is still the same:

    {
      "Version": "2008-10-17",
      "Statement": [
        {
          "Sid": "eb-ad78f54a-f239-4c90-adda-49e5f56cb51e",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::427696093870:role/aws-elasticbeanstalk-ec2-role"
          },
          "Action": "s3:PutObject",
          "Resource": "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870/resources/environments/logs/"
        },
        {
          "Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::427696093870:root"
          },
          "Action": [
            "s3:ListBucket",
            "s3:ListBucketVersions",
            "s3:GetObject",
            "s3:GetObjectVersion"
          ],
          "Resource": [
            "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870",
            "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870/resources/environments/"
          ]
        },
        {
          "Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b",
          "Effect": "Deny",
          "Principal": {
            "AWS": "*"
          },
          "Action": "s3:DeleteBucket",
          "Resource": "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870"
        }
      ]
    }

  • Oh, did you use access logs for your load balancer? If so, you need to grant s3:PutObject to arn:aws:iam::127311923021:root.

    NOTE: 127311923021 is an AWS account for Elastic Load Balancer in the us-east-1 region, and you should not replace this with your own account.

    https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy
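
An added example, not part of the thread and not AWS code: a minimal offline evaluator for a bucket policy document, used to check whether the ELB principal named in the comment above is allowed s3:PutObject on a log object. The helper names, the sample object key and the 111122223333 placeholder account are assumptions; Condition, NotAction, NotPrincipal and identity policies are not evaluated.

```python
import re

ELB_PRINCIPAL = "arn:aws:iam::127311923021:root"  # us-east-1 ELB account quoted in the thread
BUCKET = "arn:aws:s3:::elasticbeanstalk-us-east-1-111122223333"  # placeholder account ID
# Constructed object key, standing in for a delivered access log file.
LOG_OBJECT = BUCKET + "/resources/environments/logs/example/access.log"

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _wild(pattern, value, ignore_case=False):
    # Policy wildcards: * matches any run of characters, ? exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _principal_ok(stmt, principal):
    p = stmt.get("Principal")
    aws = _as_list(p.get("AWS", [])) if isinstance(p, dict) else [p]
    return "*" in aws or principal in aws

def decision(policy, principal, action, resource):
    """Bucket-policy verdict for one request: 'Deny', 'Allow' or 'NoMatch'."""
    effects = [
        s["Effect"] for s in _as_list(policy["Statement"])
        if _principal_ok(s, principal)
        and any(_wild(a, action, True) for a in _as_list(s.get("Action", [])))
        and any(_wild(r, resource) for r in _as_list(s.get("Resource", [])))
    ]
    if "Deny" in effects:  # an explicit Deny always wins
        return "Deny"
    return "Allow" if "Allow" in effects else "NoMatch"

def sample_policy(log_resource):
    # Constructed policy: ELB log-delivery grant plus the DeleteBucket guard from the thread.
    return {"Version": "2008-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": ELB_PRINCIPAL},
         "Action": "s3:PutObject", "Resource": log_resource},
        {"Effect": "Deny", "Principal": {"AWS": "*"},
         "Action": "s3:DeleteBucket", "Resource": BUCKET},
    ]}

if __name__ == "__main__":
    for res in (BUCKET + "/resources/environments/logs/*",
                BUCKET + "/resources/environments/logs/"):
        verdict = decision(sample_policy(res), ELB_PRINCIPAL, "s3:PutObject", LOG_OBJECT)
        print(res, "->", verdict)
```

A Resource pattern that ends in / with no * matches only an object whose key is exactly that string, so the second case reports NoMatch for the log object.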
