1 Answer
- Newest
- Most votes
- Most comments
0
Hi, it seems that your S3 bucket denied access from your Elastic Beanstalk environment. Try modify your S3 bucket policy like this (replace 111122223333
to your account ID):
{ "Version": "2008-10-17", "Statement": [ { "Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" }, "Action": [ "s3:ListBucket", "s3:ListBucketVersions", "s3:GetObject", "s3:GetObjectVersion" ], "Resource": [ "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333", "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333/resources/environments/*" ] }, { "Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b", "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "s3:DeleteBucket", "Resource": "arn:aws:s3:::elasticbeanstalk-ap-northeast-1-111122223333" } ] }
answered 7 months ago
Relevant content
- asked a year ago
- asked 5 months ago
- AWS OFFICIALUpdated 7 days ago
- AWS OFFICIALUpdated 7 days ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 20 days ago
This is my current bucket policy, but the issue is still the same:
{ "Version": "2008-10-17", "Statement": [ { "Sid": "eb-ad78f54a-f239-4c90-adda-49e5f56cb51e", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::427696093870:role/aws-elasticbeanstalk-ec2-role" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870/resources/environments/logs/" }, { "Sid": "eb-af163bf3-d27b-4712-b795-d1e33e331ca4", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::427696093870:root" }, "Action": [ "s3:ListBucket", "s3:ListBucketVersions", "s3:GetObject", "s3:GetObjectVersion" ], "Resource": [ "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870", "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870/resources/environments/" ] }, { "Sid": "eb-58950a8c-feb6-11e2-89e0-0800277d041b", "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "s3:DeleteBucket", "Resource": "arn:aws:s3:::elasticbeanstalk-us-east-1-427696093870" } ] }
Oh, did you use access log for your load balancer? If so, you need to grant
s3:PutObject
toarn:aws:iam::127311923021:root
.https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy