What permissions does S3 need to allow a deploy to AWS Amplify

Question

I put a zip file containing a static site in S3. The bucket is NOT public. I attempted to create an app in AWS Amplify and deploy "manually" from S3. The deploy interface was able to list contents of the bucket and display my zip file.

On hitting deploy though the interface is stuck for the last hour or so on

Waiting to deploy
Your deployment is being queued...

Am I missing permissions on S3 for the deployment to be successful? What permissions can I add short of making the bucket public? I was able to deploy the same zip file using "drag and drop" successfully.

Answer 1

The following S3 policy worked out for us to use start-deployment:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "s3:PutObject",
            "s3:GetObjectAcl",
            "s3:GetObject",
            "s3:PutObjectVersionAcl",
            "s3:ListBucket",
            "s3:DeleteObject",
            "s3:PutObjectAcl"
        ],
        "Resource": [
            "arn:aws:s3:::{{BUCKET}}/*",
            "arn:aws:s3:::{{BUCKET}}"
        ]
    }
]
}

The following actions seem to be necessary for AWS Amplify:

            "s3:PutObjectVersionAcl",
            "s3:PutObjectAcl",
            "s3:GetObjectAcl",

Answer 2

I had the same problem and I fixed it by adding custom policy to my user. Start with giving full access for the user. Then you can check if it is working and limit the policy.

Policy in JSON format:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplify:*",
            "Resource": "*"
        }
    ]
}