I use Bref (https://bref.sh/). I try to configure the serverless.yml file with AWS S3 in order to store assets like img, css, js. When i deploy with "serverless deploy" command i have this error:
An error occurred: AssetsBucketPolicy - API: s3:PutBucketPolicy Access Denied.
In my AWS account, I have "AdministratorAccess" permissions (https://www.youtube.com/watch?v=KngM5bfpttA&list=PL0_-jlAhLRgEcU0P0Ivi4OO844pgrzJOU&index=2&t=0s)
strategy AdministratorAccess
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
My serverless.yml file is:
service: bref-demo-symfony
provider:
name: aws
region: us-east-1
runtime: provided
environment:
# Symfony environment variables
APP_ENV: prod
plugins:
- ./vendor/bref/bref
functions:
website:
handler: public/index.php
timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
layers:
- ${bref:layer.php-73-fpm}
events:
- http: 'ANY /'
- http: 'ANY /{proxy+}'
console:
handler: bin/console
timeout: 120 # in seconds
layers:
- ${bref:layer.php-73} # PHP
- ${bref:layer.console} # The "console" layer
resources:
Resources:
# The S3 bucket that stores the assets
Assets:
Type: AWS::S3::Bucket
Properties:
BucketName: my-unique-serverless-assets-bucket
# The policy that makes the bucket publicly readable
AssetsBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref Assets # References the bucket we defined above
PolicyDocument:
Statement:
- Effect: Allow
Principal: '*' # everyone
Action: 's3:GetObject' # to read
Resource: 'arn:aws:s3:::my-unique-serverless-assets-bucket/*' # things in the bucket
On AWS S3, i try to add a strategy on the bucket with
{
"Id": "Policy1573043469280",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1573043465451",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::bref-demo-symfony-dev-serverless-assets/assets",
"Principal": "*"
}
]
}
I have a message like "access denied", "You can't grant public access because Block public access settings are turned on for this account. To determine which settings are turned on, check your Block public access settings." Why ?
I don't understand how to configure it ? This permission (AdministratorAccess) is not enough?
Thank you!
Try to add
iamRoleStatements
for example if you need get and put object add this code on theiamRoleStatements
for example:This is another example:
If you need more information read the serverless documentation: Serverless IAM Roles