Dear all,
My AWS account was loading the query output.csv off from AMC (Amazon Marketing Cloud) and the S3 policy below worked just fine:
{
"Version": "2012-10-17",
"Id": "BucketDeliveryPolicy",
"Statement": [
{
"Sid": "BucketDelivery",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::000000000000:root"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket-name/*"
},
{
"Sid": "BucketOwnerAccess",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111111111111:root"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::my-bucket-name/*",
"arn:aws:s3:::my-bucket-name"
]
}
]
}
But since Aug 1st, all the query outputs stopped landing into the S3.
The transfer was back to normal after I added the following to the existing S3 policy:
{
"Sid": "DataUploadAccountAccess",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::222222222222:root"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::my-bucket-name/*"
}
Can anyone help me understand the potential reason for the stricter permission required? I didn't do any change in the AWS account. Seems to me something on the AWS side got updated, forcing the S3 bucket to allow more permission from the AMC instance?
Thanks,
Fang
Thank you so much