[Bug] Access denied when allowing public reads on newly created bucket

[iamogbz]

Failure while deploying build using aws-spa

[S3] ✏️ Allow public read to "s3.bucket.domain"...
💥 Access Denied

Reason due to initial bucket creation having the Block public access (bucket settings) - All setting enabled.

Can be fixed by adding a remove block public access step before the allow public read bucket policy update.

export const setBucketPolicy = async (bucketName: string) => {
  logger.info(`[S3] ✏️ Allow public read to "${bucketName}"...`);
  // remove public access block
  await s3
    .putPublicAccessBlock({
      Bucket: bucketName,
      PublicAccessBlockConfiguration: {
        BlockPublicAcls: false,
        IgnorePublicAcls: false,
        BlockPublicPolicy: false,
        RestrictPublicBuckets: false,
      },
    })
    .promise();
  // allow public reads
  return s3
    .putBucketPolicy({
      Bucket: bucketName,
      Policy: JSON.stringify({
        Statement: [
          {
            Sid: "AllowPublicRead",
            Effect: "Allow",
            Principal: {
              AWS: "*",
            },
            Action: "s3:GetObject",
            Resource: `arn:aws:s3:::${bucketName}/*`,
          },
        ],
      }),
    })
    .promise();
};

at

aws-spa/src/s3.ts

Lines 117 to 137 in 6031af3

	export const setBucketPolicy = (bucketName: string) => {
	logger.info(`[S3] ✏️ Allow public read to "${bucketName}"...`);
	return s3
	.putBucketPolicy({
	Bucket: bucketName,
	Policy: JSON.stringify({
	Statement: [
	{
	Sid: "AllowPublicRead",
	Effect: "Allow",
	Principal: {
	AWS: "*",
	},
	Action: "s3:GetObject",
	Resource: `arn:aws:s3:::${bucketName}/*`,
	},
	],
	}),
	})
	.promise();
	};

[GregdTd]

Should be resolved by: #58