
We are trying to attach a session policy in AWS, but we are receiving the following error and can't figure out why.

We are using an S3 bucket and the Security Token Service (STS).

Note: We do get the temporary credentials, but the policy is not being attached to the role.

Error NoSuchBucketPolicy: The bucket policy does not exist

Here is the sample of our code

var AWS = require('aws-sdk');
// Service clients. Both are constructed here with no explicit credentials,
// i.e. before any temporary credentials have been obtained.
const s3 = new AWS.S3();
const sts = new AWS.STS({ apiVersion: '2011-06-15' });

// Temporary credential fields; assigned inside the sts.assumeRole callback.
let access_key;
let secret_access_key;
let session_token;


// Policy document that is serialized into the `Policy` field of the
// sts.assumeRole parameters, i.e. it is used as a session policy. A session
// policy can only narrow what the assumed role already allows; it is never
// stored on the bucket, despite the variable name.
const bucketpolicy = {
  Version: '2012-10-17',
  Statement: [
    {
      Sid: 'Stmt1608525393608',
      Effect: 'Allow',
      // NOTE(review): `s3:*` permits every S3 action on the resource below.
      // If the client only reads/writes objects, list just those actions.
      Action: 's3:*',
      // Object-level ARN under one prefix. Bucket-level calls (such as
      // getBucketPolicy) target the bucket ARN and are not covered by it.
      // NOTE(review): `user_id` looks like a literal placeholder - confirm it
      // is replaced with the real per-user prefix before use.
      Resource: 'arn:aws:s3:::temp.bucket2/user_id/*',
    },
  ],
};
// var myJSON = JSON.stringify(bucketpolicy);
// Parameters for sts.assumeRole. `Policy` carries the session policy as a
// JSON string, which is why the document is serialized first.
const serializedSessionPolicy = JSON.stringify(bucketpolicy);
const role = {
  RoleArn: 'arn:aws:iam::xxxxxxxx:role/webClientRole',
  Policy: serializedSessionPolicy,
  RoleSessionName: 'my-test-roles',
  // Lifetime of the temporary credentials, in seconds (one hour).
  DurationSeconds: 3600,
};
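// Assume the role with the session policy attached and install the returned
// temporary credentials as the SDK's global configuration.
sts.assumeRole(role, (err, data) => {
  if (err) {
    console.log(err.message);
    return;
  }

  // Never log `data` or the individual credential fields: the secret access
  // key and session token are live credentials, and anything written to the
  // console typically ends up in log storage readable by other people.
  const { AccessKeyId, SecretAccessKey, SessionToken, Expiration } = data.Credentials;
  access_key = AccessKeyId;
  secret_access_key = SecretAccessKey;
  session_token = SessionToken;
  console.log('Assumed role; temporary credentials expire at', Expiration);

  // Credentials are installed through AWS.config.update only. A bare
  // `AWS.Credentials({...})` call (no `new`, result unused) configures nothing.
  AWS.config.update({
    region: 'ap-southeast-1',
    accessKeyId: access_key,
    secretAccessKey: secret_access_key,
    sessionToken: session_token,
  });
  // NOTE(review): in the v2 SDK a global config update is picked up by clients
  // created afterwards; a client constructed before this callback runs most
  // likely keeps the credentials it started with. To exercise the session
  // policy, build the S3 client here, after the update - confirm.
});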
 
// call S3 to retrieve policy for selected bucket
// Ask S3 for the policy stored on the bucket itself. This is the bucket's
// resource policy; a session policy passed to assumeRole is never returned
// here, so a NoSuchBucketPolicy error only says the bucket has no policy.
// NOTE(review): this statement is issued right after assumeRole is started,
// not from inside its callback, so it presumably does not run with the
// temporary credentials - confirm.
const bucketPolicyRequest = { Bucket: "bucket_name" };
s3.getBucketPolicy(bucketPolicyRequest, (err, data) => {
  if (err) {
    console.log("Error", err);
    return;
  }
  if (data) {
    console.log("Success", data.Policy);
  }
});
int main
  • What line of code is throwing that error? – Mark B Dec 21 '20 at 15:10
  • FYI all of the SDK methods have a `.promise()` variant. – jarmod Dec 21 '20 at 16:56
  • You're not actually using the `bucketpolicy` variable for anything. Also, if you're intending to use this as an S3 bucket policy, as opposed to an IAM policy, then it's not actually a valid bucket policy - bucket policies must have a [Principal](https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-bucket-user-policy-specifying-principal-intro.html). – jarmod Dec 21 '20 at 17:00
  • @MarkB The getBucketpolicy is giving the error basically this line console.log("Error", err); – int main Dec 21 '20 at 18:39

1 Answer


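You're trying to retrieve a bucket policy that doesn't exist. Buckets don't have a policy until you apply one. Note that a bucket policy is a separate object from the session policy passed to assumeRole(), which getBucketPolicy() never returns. You can apply a bucket policy using putBucketPolicy():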

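// Name of the bucket the policy will be applied to.
var bucketName = "your_bucket_name";

// Bucket (resource) policy document. Fill in the statement(s) before use.
var bucketPolicy = {
  "Version": "2012-10-17",
  "Statement": [{
    // ... your statement fields go here. Unlike an IAM or session policy, a
    // bucket policy statement must name a Principal; keep the Principal and
    // the Action list as narrow as the use case allows.
  }]
};

// putBucketPolicy expects `Policy` as a JSON string, so the document is
// serialized here. `Bucket` must reference the `bucketName` variable declared
// above (JavaScript identifiers are case-sensitive).
var params = {
  Bucket: bucketName,
  Policy: JSON.stringify(bucketPolicy)
};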

// Store the policy on the bucket. The caller's credentials need permission to
// change bucket policies; the outcome is only logged.
s3.putBucketPolicy(params, (err, data) => {
  if (err) {
    console.log("Error", err);
    return;
  }
  if (data) {
    console.log("Success", data);
  }
});

// Now s3.getBucketPolicy() should return the applied policy
Dennis Traub