Allow S3 access to AWS Serverless Repo in IAM Policy

0

My IAM user that is responsible for deploying CDK templates has an IAM policy specified (Listing 1.), to limit which S3 buckets it has access to.

When attempting to deploy an application from AWS Serverless Repos, I receive the error in Listing 2. This error leads me to believe that the CDK deployer has tried to read some artifact out of an S3 bucket associated with deploying an application from AWS Serverless Repos.

How should I update this policy to allow my CDK deployer to access the relevant S3 bucket? I can't / don't know how to derive the relevant ARN pattern to indicate that I want to allow the CDK deployer to access the S3 buckets associated with AWS Serverless Repos.

...
        {
            "Sid": "MyPolicy",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
            ],
            "Resource": [
                "arn:aws:s3:::something-here-*/*"
                "arn:aws:s3:::something-else-*/*"
            ]
        },
...

Listing 1.

Your access has been denied by S3, please make sure your request credentials have permission to GetObject for awsserverlessrepo-changesets-1my58927y6rqa/857181079225/arn:aws:serverlessrepo:eu-central-1:482117739457:applications-cloudwatch-alarm-to-ms-teams-versions-1.1.8/465e2e1c-1c66-417d-9528-0855feae5e55.

Listing 2.

1 Answer
1

You can refer to this documentation to modify your IAM policy for using AWS Serverless Repo : https://docs.aws.amazon.com/serverlessrepo/latest/devguide/security_iam_service-with-iam.html

AWS
EXPERT
answered a year ago
profile pictureAWS
EXPERT
kentrad
reviewed a year ago
  • Thanks Behrang. This documentation doesn't mention any policies that would allow my deployer to access the relevant S3 bucket. Is this something I'm misunderstanding? If I were to grant my deployer the "serverlessrepo:CreateApplication" permission, would that grant it the access it needs to access the S3 bucket?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions