-
Goal: Upload images to S3 using Amazon S3 Resource
-
Details: We are seeing an intermittent issue with S3 but the S3 credentials used has the required permissions already.
We are getting this error from time to time:
error: true
isRetoolSystemError: false
message: "User: arn:aws:iam::<iam number>:user/<user2>is not authorized to perform: s3:GetBucketLocation on resource: \"arn:aws:s3:::cdn-<bucket_name>\" because no identity-based policy allows the s3:GetBucketLocation action"
But our policies are already setup like this:
{
"Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::cdn-<bucket_name>/*\"},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"arn:aws:iam::<iam number>:user/<user1>\",\"arn:aws:iam::<iam number>:user/<user2>\"]},\"Action\":[\"s3:DeleteObject\",\"s3:GetBucketAcl\",\"s3:GetBucketCORS\",\"s3:GetBucketLocation\",\"s3:GetBucketLogging\",\"s3:GetBucketNotification\",\"s3:GetBucketPolicy\",\"s3:GetBucketWebsite\",\"s3:GetObject\",\"s3:GetObjectAcl\",\"s3:GetObjectVersion\",\"s3:GetObjectVersionAcl\",\"s3:ListBucket\",\"s3:PutObject\",\"s3:PutObjectAcl\",\"s3:PutObjectTagging\",\"s3:PutObjectVersionAcl\",\"s3:PutObjectVersionTagging\"],\"Resource\":[\"arn:aws:s3:::cdn-<bucket_name>\",\"arn:aws:s3:::cdn-<bucket_name>/*\"]}]}"
}
what would the cause of error be?