AWS - S3 - Creating a Bucket Policy - Error: Access Denied

0

Trying to create an Amazon Web Services - S3 bucket policy, but when running the script I get the following error. Where exactly is my access being denied? Could this issue relate to how I set up my aws configur

Traceback (most recent call last):
File "C:\Users*****\githubb\aws\s3operations.py", line 40, in <module>
print(create_bucket_policy())
File "C:\Users\Patrick\githubb\aws\s3operations.py", line 36, in create_bucket_policy
Policy=policy_string
File "C:\Users\Patrick\Python36\lib\site-packages\botocore\client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "C:\Users\Patrick\Python36\lib\site-packages\botocore\client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occur

red (AccessDenied) when calling the PutBucketPolicy operation: Access Denied
The following is my script:

import boto3
import json

BUCKET_NAME ='patricksbucket'

def s3_client():
s3 = boto3.client('s3')
""":type : pyboto3.s3"""
return s3

def create_bucket(bucket_name):
return s3_client().create_bucket(
Bucket=bucket_name,
CreateBucketConfiguration={
'LocationConstraint': 'us-east-2'
}
)

def create_bucket_policy():
bucket_policy = {
"Vesrion": "2012-10-17",
"Statement":[
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "",
"Action":["s3:
"],
"Resource":["arn:aws:s3:::patricksbucket/*"]
}
]
}
policy_string = json.dumps(bucket_policy)

return s3_client().put_bucket_policy(  
    Bucket=BUCKET_NAME,  
    Policy=policy_string  
)
asked 3 years ago415 views
1 Answer
0
Accepted Answer

It could happens because of several reasons although mainly related to your credentials or your policy. Anyway, you just follow the permission specifications that say how to grant everything with a wildcard as I see in your code

An example from Amazon Docs can shed a light

"Action": "*"  
"Action": "s3:*"  

The other reason, additional to the one above, is your credentials. For example, if you use AWS CLI

$ aws configure  
AWS Access Key ID \[None]: AKIAIOSFODNN7EXAMPLE  
AWS Secret Access Key \[None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY  
Default region name \[None]: us-west-2  
Default output format \[None]: json
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions