We are trying to attach a session policy in AWS, but we receive the following error and can't figure out why.
We are using an S3 bucket and the Security Token Service (STS).
Note: we do get the temporary credentials, but the policy is not being attached to the role.
Error NoSuchBucketPolicy: The bucket policy does not exist
Here is the sample of our code
var AWS = require('aws-sdk');
// Default S3 client. It is constructed here, before any temporary credentials
// exist, so it is configured from whatever the SDK's defaults are at this point.
const s3 = new AWS.S3();
const sts = new AWS.STS({ apiVersion: '2011-06-15' });

// Filled in by the assumeRole callback once STS returns temporary credentials.
let access_key;
let secret_access_key;
let session_token;

// Session policy sent with AssumeRole. Despite the variable name this is not a
// bucket policy: it is never stored on the bucket, it only narrows what the
// temporary credentials may do. Effective permissions are the intersection of
// the role's identity-based policies and this document, so it can restrict but
// never grant.
// NOTE(review): "s3:*" is broader than a per-user prefix usually needs;
// consider listing only the object actions the client actually uses.
const bucketpolicy = {
  Version: '2012-10-17',
  Statement: [
    {
      Sid: 'Stmt1608525393608',
      Effect: 'Allow',
      Action: 's3:*',
      Resource: 'arn:aws:s3:::temp.bucket2/user_id/*',
    },
  ],
};

// AssumeRole request. Policy carries the session policy as JSON text.
const role = {
  RoleArn: 'arn:aws:iam::xxxxxxxx:role/webClientRole',
  Policy: JSON.stringify(bucketpolicy),
  RoleSessionName: 'my-test-roles',
  DurationSeconds: 3600,
};
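// Exchange the caller's credentials for temporary ones that are limited by the
// session policy in `role.Policy`.
sts.assumeRole(role, (err, data) => {
  if (err) {
    console.log(err.message);
    return;
  }

  const { AccessKeyId, SecretAccessKey, SessionToken, Expiration } = data.Credentials;
  access_key = AccessKeyId;
  secret_access_key = SecretAccessKey;
  session_token = SessionToken;

  // Do not print the secret access key or session token: anyone who can read
  // the log output could use them until they expire. Log non-secret metadata
  // only. PackedPolicySize reports how much of the session-policy/tag size
  // budget the request used, so a value here should indicate that STS
  // accepted the session policy.
  console.log({
    assumedRoleArn: data.AssumedRoleUser && data.AssumedRoleUser.Arn,
    expiration: Expiration,
    packedPolicySize: data.PackedPolicySize,
  });

  // Make the temporary credentials the SDK-wide default. A bare
  // AWS.Credentials({...}) call (no `new`, result discarded) was dropped here
  // because nothing consumed its result.
  // NOTE(review): clients constructed before this update (such as the
  // module-level `s3`) keep the configuration they were created with; create
  // the S3 client after this point, or pass these credentials to its
  // constructor, for calls that must run under the session policy.
  AWS.config.update({
    region: 'ap-southeast-1',
    accessKeyId: access_key,
    secretAccessKey: secret_access_key,
    sessionToken: session_token,
  });
});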
// Ask S3 for the bucket's own resource-based policy. This is unrelated to the
// session policy passed to sts.assumeRole: a session policy is never stored on
// the bucket, so NoSuchBucketPolicy here only means that no bucket policy has
// been put on "bucket_name".
// NOTE(review): this call is issued right after assumeRole is started, not
// from its callback, and it uses the `s3` client created at the top of the
// script, so it presumably runs with the default credentials rather than the
// temporary ones.
s3.getBucketPolicy({ Bucket: "bucket_name" }, (err, data) => {
  if (err) {
    console.log("Error", err);
    return;
  }
  if (data) {
    console.log("Success", data.Policy);
  }
});
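You're trying to retrieve a bucket policy that doesn't exist. The `Policy` you pass to `assumeRole` is a session policy: it only limits the temporary credentials and is never stored on the bucket, so `getBucketPolicy()` cannot return it. Buckets don't have a policy until you apply one. You can do so using putBucketPolicy():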
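const bucketName = "your_bucket_name";

// Resource-based policy stored on the bucket itself. Unlike a session policy,
// it grants access to the principals it names, so keep Principal specific: a
// statement with "Principal": "*" and no conditions opens the matched
// resources to everyone.
const bucketPolicy = {
  "Version": "2012-10-17",
  "Statement": [{
    // ... your statement (Effect, Principal, Action, Resource) ...
  }]
};

const params = {
  // Must reference the variable declared above; identifiers are case-sensitive.
  Bucket: bucketName,
  // putBucketPolicy expects the policy as JSON text, not as an object.
  Policy: JSON.stringify(bucketPolicy)
};

s3.putBucketPolicy(params, function(err, data) {
  if (err) {
    console.log("Error", err);
  } else if (data) {
    console.log("Success", data);
  }
});
// Now s3.getBucketPolicy() should return the applied policy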