Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ServerlessError: Access Denied - due to AWS S3 change #183

Closed
benheymink opened this issue Apr 24, 2023 · 1 comment · Fixed by #184
Closed

ServerlessError: Access Denied - due to AWS S3 change #183

benheymink opened this issue Apr 24, 2023 · 1 comment · Fixed by #184
Labels
released

Comments

@benheymink
Copy link
Contributor

Describe the bug
Deployments to some AWS regions are currently failing owing to a recent AWS change: https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/

To Reproduce
Attempt to deploy the 'barebones' example from the repo to eu-west-1.

Expected behavior
Bucket created and everything configured as expected

Configuration

service: serverless-finch-test

provider:
    name: aws
    runtime: nodejs18.x
    stage: dev
    region: eu-west-1

plugins:
    - serverless-finch

custom:
    client:
        bucketName: serverless-finch-test

Operating system (please complete the following information):

  • OS: Mac 13.0.1
  • serverless framework version 3.30.1
  • serverless-finch version 4.0.0

Additional context
One of our engineers looked at the finch code and it seems pretty simple. It does this:
CreateBucket
PutBucketPolicy (allow public read)
It seems likely this no longer works because PutBucketPolicy(allow public read) clashes with the new default setting of BlockPublicPolicy=true. So finch needs to be changed to do something like:
CreateBucket
PutPublicAccessBlock(BlockPublicPolicy=false)
PutBucketPolicy(allow public read)
@benheymink benheymink mentioned this issue Apr 24, 2023
Merged
mikejpeters pushed a commit that referenced this issue Apr 25, 2023
@benheymink
fix(bucket-utils): bucket creation now removes the public access bloc…
59d9012 
…k applied by S3 (#184)

deployments to some AWS regions are currently failing owing to a recent AWS change:
https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/ -
this change ensures that the public access block is now removed on bucket creation.

fix #183
@github-actions
Copy link

🎉 This issue has been resolved in version 4.0.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(bucket-utils): bucket creation now removes the public access bloc…
1 participant
@benheymink