Reputation: 1
I'm encountering an "AccessDenied" error when attempting to create an S3 bucket along with a policy using Terraform, but I can successfully apply the same policy manually through the AWS GUI.
I am using Terraform v1.6.6.
Here's my Terraform configuration:
```hcl
provider "aws" {
  alias  = "main"
  region = var.region
}

# Create the S3 bucket
resource "aws_s3_bucket" "ctcuserkycdoc" {
  bucket = "ctcuserkycdoc"
}

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.ctcuserkycdoc.id
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket",
        "s3:DeleteObject",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::ctcuserkycdoc",
        "arn:aws:s3:::ctcuserkycdoc/*"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "13.176.4.126"
          ]
        }
      }
    }
  ]
}
EOF
}

# Output the S3 bucket ARN
output "s3_bucket_arn" {
  value = aws_s3_bucket.ctcuserkycdoc.arn
}
```
Error Message:
```
aws_s3_bucket.ctcuserkycdoc: Creating...
aws_s3_bucket.ctcuserkycdoc: Creation complete after 8s [id=ctcuserkycdoc]
aws_s3_bucket_policy.bucket_policy: Creating...
╷
│ Error: putting S3 Bucket (ctcuserkycdoc) Policy: operation error S3: PutBucketPolicy, https response error StatusCode: 403, RequestID: TK7FT2H1R49T3N1V, HostID: tZa9+/mHxsyjuEQ+Kai+saE5/eKZrW57CY+AJ11IVsBZu2YWY4TCxxMl2UAgUsdasWMA6UDn9NhcGCo=, api error AccessDenied: Access Denied
│
│   with aws_s3_bucket_policy.bucket_policy,
│   on main.tf line 14, in resource "aws_s3_bucket_policy" "bucket_policy":
│   14: resource "aws_s3_bucket_policy" "bucket_policy" {
```
Any assistance would be greatly appreciated!
Steps Already Taken:
Upvotes: 0
Views: 464
Reputation: 64
If possible, try providing full permission; if it works, you can follow the top-down approach by giving the required permission. This clearly seems to be a permission issue.
Upvotes: 0
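Added example, not part of the original answer or the asker's configuration: the log shows the bucket being created and only `PutBucketPolicy` being denied, so one way to narrow the permissions is to print the identity Terraform actually runs as and grant that identity just the bucket-policy calls on this one bucket. The variable `terraform_role_name`, the policy name and the resource labels are assumptions, as is the premise that Terraform's credentials belong to an IAM role (for an IAM user, `aws_iam_user_policy_attachment` takes the place of the role attachment).

```hcl
# Added example; names marked "hypothetical" are assumptions, not from the question.

# Which principal is Terraform using? Compare this ARN with the console
# identity for which applying the same bucket policy succeeds.
data "aws_caller_identity" "current" {}

output "terraform_caller_arn" {
  value = data.aws_caller_identity.current.arn
}

# Hypothetical: name of the IAM role behind Terraform's credentials.
variable "terraform_role_name" {
  type = string
}

# Only the calls the aws_s3_bucket_policy resource makes
# (create/update, read on refresh, delete on destroy), on one bucket.
data "aws_iam_policy_document" "terraform_bucket_policy" {
  statement {
    sid    = "ManageBucketPolicy"
    effect = "Allow"
    actions = [
      "s3:PutBucketPolicy",
      "s3:GetBucketPolicy",
      "s3:DeleteBucketPolicy",
    ]
    # Bucket-level actions apply to the bucket ARN, not to "bucket/*".
    resources = ["arn:aws:s3:::ctcuserkycdoc"]
  }
}

resource "aws_iam_policy" "terraform_bucket_policy" {
  name   = "terraform-ctcuserkycdoc-bucket-policy" # hypothetical name
  policy = data.aws_iam_policy_document.terraform_bucket_policy.json
}

resource "aws_iam_role_policy_attachment" "terraform_bucket_policy" {
  role       = var.terraform_role_name
  policy_arn = aws_iam_policy.terraform_bucket_policy.arn
}
```

The IAM resources have to be applied by an identity that is allowed to manage IAM, not by the restricted identity itself. An explicit deny elsewhere (for example in a service control policy or permissions boundary) still overrides this allow.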