Welcome to our Lab Guide for our Hands-on Lab: Using S3 Bucket Policies and Conditions to Restrict Specific Permissions.
In this lab, there are generally two common errors that students report. First, an "Unexpected Error - network failure" warning is shown, and second, they receive an ARN error. This guide addresses both.
Below are the steps that I followed to pass the validation check:
- Go to the bucket you just created:
- Go to the permissions tab, scroll down to bucket policy and click edit:
- Click on the policy generator button which will open a new browser.
- In the policy generator, ensure that the below details are entered as required:
- Select Type of Policy: Select S3 Bucket Policy
- Effect: Select the Deny radio button
- Principal: Enter *
- Actions:
- Check PutObject
-
ARN: Enter arn:aws:s3:::calabs-bucket/* (you can copy the ARN for the Edit bucket policy page)
- Important: Modify the name of the bucket at the end of the ARN to match the bucket you created earlier
- Important: Ensure you add the slash and the asterisk at the end of the ARN to have the policy apply to objects in the bucket
- Click add condition and enter the below details:
- Condition: Select NotIpAddress
- Key: Select aws:SourceIp
- Value: Enter 1.2.3.4
- Click add statement, then add condition, then generate policy
Copy the generated policy and paste it into the edit policy box(check that you have the correct bucket name and format):
5) Click save. If you are seeing this at the bottom, you may ignore it and just click save.
It will still save as below:
6) You will be asked to upload a file twice, the first one is expected to fail as you will not use any encryption, the second time would go through as you will choose the type of encryption:
To upload the file go to objects and click upload. You can choose any small .png file
Before clicking upload expand the properties area and scroll down to server-side encryption, make sure you specify the encryption type as below:
Click upload and the file should be uploaded successfully:
The check will also pass as well as the lab:
If you are getting an error uploading the file, please ensure:
- You are doing it with the correct encryption.
- Your device, network, and browser are allowing the lab environment to upload the file and not blocking it.
I hope these extra steps help! Should you continue to experience any other errors, please email platformsupport@qa.com.
Happy Training!
Comments
0 comments
Article is closed for comments.