-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
s3:PutPublicAccessBlock Access Denied #124
Comments
Thanks Sang! So this error is occurring in the CDK bootstrap process, the bucket is not public, it is actually the opposite; its being set as explicitly not public. The error is occurring due to your organizations policy blocking any usage of the There is a CDK optioon: We also use the block public access inside our own code for internal buckets, e.g. matano/infra/src/DPCommonStack.ts Line 32 in 7373558
Amazon S3 announced that all new S3 buckets will have Block Public Access enabled by default, at which point we can safely remove these explicit configurations. However, the change will be rolled out in April 2023 (not yet) (see https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-faq.html). Can you possibly change your organization policy to allow usage of the |
Thank you for the prompt response Samrose. Because PutPublicAccessBlock will allow making an S3 bucket public so it's blocked by our policy. Is there any way that I can remove this explicit setting from the code and run without using |
I understand, we can add a config option in |
Unblocks users who have org policies preventing usage of s3:PutPublicAccessBlock API (matanolabs#124). Signed-off-by: 🐼 Samrose Ahmed 🐼 <[email protected]>
Unblocks users who have org policies preventing usage of s3:PutPublicAccessBlock API (matanolabs#124). Signed-off-by: 🐼 Samrose Ahmed 🐼 <[email protected]>
I've created a change #125, once its merged and released, you should be able to unblock yourself by just setting # matano.config.yml
aws:
account: "123456789012"
region: "us-east-1"
set_block_public_access: false |
Unblocks users who have org policies preventing usage of s3:PutPublicAccessBlock API (#124).
Thank you team for the great Matano!
When I deploy it I got this error
So will the Matano setup create a public s3 bucket/objects? How can we change it only to create in non-public s3?
The text was updated successfully, but these errors were encountered: