2 Answers
- Newest
- Most votes
- Most comments
0
At the CLI, issue this command:
aws sts get-caller-identity
Then make sure that principal has a policy that allow the s3:CreateBucket operation.
You can use the IAM Policy Simulator to test also.
0
This AccessDenied error when calling CreateBucket typically means your AWS IAM user or role does not have the right permissions to create an S3 bucket. Here are some things to check:
- Make sure the IAM entity you are using has the "s3:CreateBucket" permission added to its policy. This allows creating new S3 buckets.
- Check the region - you can only create buckets in regions where you have permissions. Make sure the region for the CreateBucket call matches a region allowed in your IAM policy. *Make sure there are no Organization SCPs (Service Control Policies) that deny the s3:CreateBucket permission.
Some things to try:
- Create a new IAM user with full S3 permissions and test with that user.
- Check SCPs and bucket policies that may override the IAM permissions.
Adding the right IAM permissions or removing restrictive bucket policies/SCPs should resolve the AccessDenied error for CreateBucket.
answered a year ago
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago