Tags: node.js, amazon-web-services, amazon-s3, sts

message: 'The bucket policy does not exist', code: 'NoSuchBucketPolicy',


We are trying to attach a session policy in AWS, but we receive the following error and cannot figure out why.

We are using an S3 bucket and the Security Token Service (STS).

Note: We are getting the temporary credentials but the policy is not attaching to the role

Error NoSuchBucketPolicy: The bucket policy does not exist

Here is the sample of our code

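var AWS = require('aws-sdk');

// Both clients are created before any temporary credentials exist. In the
// AWS SDK for JavaScript v2, later AWS.config.update() calls apply to service
// objects created afterwards, so `s3` keeps the credentials it had here.
const s3 = new AWS.S3();
var sts = new AWS.STS({ apiVersion: '2011-06-15' });

// Session policy for the AssumeRole call. Despite the variable name this is
// NOT a bucket policy: it is never stored on the bucket and cannot be read
// back with getBucketPolicy(). It only narrows the temporary credentials; the
// effective permissions are the intersection of the role's own policies and
// this document.
//
// NOTE(review): "s3:*" is broader than a web client normally needs; prefer the
// specific actions required (for example s3:GetObject / s3:PutObject).
// NOTE(review): the Resource covers only object keys under the literal prefix
// "user_id/". Bucket-level actions are not granted by this statement, and if
// the prefix is meant to be per-user it has to be filled in server-side from
// the authenticated identity -- confirm the intent.
const bucketpolicy = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1608525393608",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::temp.bucket2/user_id/*"
    }
  ]
};

// Parameters for sts.assumeRole(); Policy must be a JSON string.
const role = {
  RoleArn: 'arn:aws:iam::xxxxxxxx:role/webClientRole',
  Policy: JSON.stringify(bucketpolicy),
  RoleSessionName: 'my-test-roles',
  DurationSeconds: 3600
};

sts.assumeRole(role, (err, data) => {
  if (err) {
    console.log(err.message);
    return;
  }

  const { AccessKeyId, SecretAccessKey, SessionToken, Expiration } = data.Credentials;

  // Do not print the response or the individual key/secret/token values:
  // they are live credentials and would end up in console and log storage.
  console.log('Temporary credentials issued, expiring at', Expiration);

  // Make the temporary credentials the default for clients created from now
  // on. Construct the S3 client that should be limited by the session policy
  // after this point (or pass these values to its constructor).
  AWS.config.update({
    region: 'ap-southeast-1',
    accessKeyId: AccessKeyId,
    secretAccessKey: SecretAccessKey,
    sessionToken: SessionToken
  });
});

// Call S3 to retrieve the bucket policy for the selected bucket. This runs
// without waiting for assumeRole() and uses the `s3` client created above, so
// it is unrelated to the session policy. A bucket that never had a policy
// applied answers with the NoSuchBucketPolicy error code.
s3.getBucketPolicy({ Bucket: "bucket_name" }, function (err, data) {
  if (err) {
    if (err.code === 'NoSuchBucketPolicy') {
      console.log("Bucket has no bucket policy attached");
      return;
    }
    console.log("Error", err);
    return;
  }
  if (data) {
    console.log("Success", data.Policy);
  }
});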

Solution

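  • You're trying to retrieve a bucket policy that doesn't exist. Buckets don't have a policy until you apply one. Note that the session policy passed to assumeRole() is not a bucket policy: it only limits the temporary credentials and is never stored on the bucket, so getBucketPolicy() will not return it. If you do want a bucket policy, you can apply one using putBucketPolicy():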

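    var bucketName = "your_bucket_name";

    // Resource-based policy stored on the bucket itself. It applies to every
    // principal it names, so keep the statements as narrow as possible.
    var bucketPolicy = {
      "Version": "2012-10-17",
      "Statement": [{
        // ... your statement(s) here ...
      }]
    };

    var params = {
      Bucket: bucketName,
      // putBucketPolicy() expects the policy document as a JSON string.
      Policy: JSON.stringify(bucketPolicy)
    };

    // putBucketPolicy() replaces any policy already on the bucket; read and
    // merge the existing one first if the bucket may already have a policy.
    s3.putBucketPolicy(params, function(err, data) {
      if (err) {
        console.log("Error", err);
      } else if (data) {
        console.log("Success", data);
      }
    });

    // Once the callback above reports success, s3.getBucketPolicy() should
    // return the applied policy.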