Error putting S3 policy: AccessDenied: Access Denied

[mikeyudin]

While attempting to run this module, I am getting Error putting S3 policy: AccessDenied: Access Denied when tf attempts to assign a policy to the fqdn bucket. I believe because it's trying to assign a bucket policy to a bucket that blocks public access (https://aws.amazon.com/premiumsupport/knowledge-center/s3-access-denied-bucket-policy/).

It works perfectly if I do not assign the policy to the bucket. Any ideas why this is happening? Are there drawbacks to excluding this policy if the bucket is private?

Thank you for your work on this module. It is very helpful!

[ronaldtse]

Thanks @mikeyudin for the report! The S3 bucket policy here is used to allow CloudFront access, because CloudFront is used to serve the redirect while the S3 bucket is kept private.

Can you provide a bit more detail for reproduction purposes:

• are you using this on a vanilla setup?
• is this module managing the S3 bucket for you?

Thanks!

[mikeyudin]

@ronaldtse I copied and pasted www-redirect config from your main repo and ran this. I have S3 set to block all public access by default for buckets, and I am letting the module manage the S3 bucket.

Please let me know if there's any other info I can provide. For now I commented out the "policy" line from s3.tf.

[ronaldtse]

@mikeyudin sorry for the late reply here. @phuonghuynh would you be able to check this? Thanks!