public:5228_issue:ahsaycbs_failed_to_access_destination_amazons3-1._reason_access_denied_error_returned_when_creating_predefined_destination_for_amazons3

ISSUE: AhsayCBS "Failed to access destination AmazonS3-1. Reason=Access Denied" error returned when creating predefined destination for AmazonS3

Article ID: 5228
Reviewed: 13/01/2017

Product Version:
AhsayOBM: 7.5.0.0 or above
OS: ALL

Problem Description

When performing creating a new predefined destination for AmazonS3 on AhsayCBS, the following error is shown in the AhsayCBS web admin console “Failed to access destination AmazonS3-1. Reason=Access Denied”


Cause:
This issue is a result of insufficient permission assignments in the Amazon Policy group which grants permissions to the affected bucket.

When granting access permissions to a bucket via policy control correct access permission for both the files/folders within the bucket, as well as the bucket itself must be granted, for example the bucket “ahsay-1b73760024477” and files/folders within the “ahsay-1b73760024477/*” .

Resolution

To resolve the issue, please assign the following permissions to the policy “Get”, “List”,”Delete”, and “Put”

  1. Login to Amazon S3 web service console.

  2. Enter “IAM” for the Identity and Access Management page in the search box.

  3. Select “Policies” and enter policy name to search for the policy, for example “cbs”

  4. Click on the policy name, for example “CBS-Server-Access-Policy” is used to assign permission to the bucket “ahsay-1b73760024477”

    In the “Policy Document” Tab enter the following JSON policy script to assign the correct permissions to the bucket.

    For example, assign “Get”, “List”,”Delete”, and “Put” permissions to the following bucket "ahsay-1b73760024477" and all files/folders within the bucket "ahsay-1b73760024477/*"
    {
    "Version": "2012-10-17",
    "Statement": [
    {
    "Sid": "Stmt1481791539000",
    "Effect": "Allow",
    "Action": [
    "s3:Get*",
    "s3:List*",
    "s3:Delete*",
    "s3:Put*"
    ],
    "Resource": [
    "arn:aws:s3:::ahsay-1b73760024477",
    "arn:aws:s3:::ahsay-1b73760024477/*"
    ]
    }
    ]
    }


  5. Click on [Validate Policy] button, once the policy has been validated. Click on [Save] Button.
  6. Login to AhsayCBS web admin and retry adding the predefinee destination

References:
https://docs.aws.amazon.com/AmazonS3/la ... rview.html
https://docs.aws.amazon.com/AmazonS3/la ... point.html
https://docs.aws.amazon.com/AmazonS3/la ... ermissions

Keywords

Amazon S3, predefined destination, IAM, permissions, bucket, access denied, Failed to access destination, policy control, validate policy, policies

public/5228_issue/ahsaycbs_failed_to_access_destination_amazons3-1._reason_access_denied_error_returned_when_creating_predefined_destination_for_amazons3.txt · Last modified: 2018/06/28 11:04 by mike.gong