AWS S3 Bucket policy editor access denied

Question

I am logged in with the root account trying to give public access to a bucket inline with the instructions for setting up a static s3 web site. However I get an access denied message when running the bucket policy.

There is no more detail on the message.

Answer 1

This just recently popped up for us as an error when deploying new static site stacks to S3. Apparently defaults for new S3 buckets recently changed: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-faq.html We're deploying via serverless and had to add some config to the S3 bucket definition to get past the issue:

Resources:
   StaticSite:
     Type: AWS::S3::Bucket
     Properties:
       PublicAccessBlockConfiguration:
         BlockPublicPolicy: false

Answer 2

If your bucket policy grants public access, check if S3 Block Public Access is enabled on the bucket.

Answer 3

The accepted answer works even if related comments suggest it's not a good idea for security reasons. In fact it is in line with AWS instructions for static website hosting here

https://docs.aws.amazon.com/AmazonS3/latest/userguide/HostingWebsiteOnS3Setup.html

which answers the OP's question.

To summarise the steps (given in the linked page) to configure a static website on Amazon S3:

1. Create a bucket
2. Enable static website hosting
3. Unblock all public access
4. Add the bucket policy that makes your content publicly available (the yaml config you have in your post)
5. Configure your index document (usually index.html)
6. Configure any error/redirect/no-auth documents (for React this is usually also index.html)

Answer 4

Change the permissions to below works for me:

Answer 5

This could be due to recent changes in S3. To fix this issue, you need to assign Public Access to the bucket, follow the below steps:

1. In the Permissions tab click on the Block Public Access settings.

2. Click Edit to the right of these settings.

3. Make sure Block public access to buckets and objects granted through new public bucket or access point policies option is deselected.

4. Click Save.

5. Go back to the Bucket Policy and try again.

Answer 6

"Manage public bucket policies for this bucket" section need to be unchecked for to introduce "Allow" policies.

But be cautious, unchecking these might enable you to introduce a policy but that policy is a public policy making your bucket public.

Having these checked - You won't be able to introduce "Allow" policies that for this bucket.

You can however introduce "Deny" policies, with these options checked.