Welcome to our Lab Guide for our Hands-on Lab: Using S3 Bucket Policies and Conditions to Restrict Specific Permissions.
In this lab, there are generally two common errors that students report. First, an "Unexpected Error - network failure" warning is shown, and second, they receive an ARN error. This guide addresses both.
Below are the steps to pass the validation check when the Unexpected Error - Network Failure warning appears.
- Go to the bucket you just created:
- Go to the permissions tab, scroll down to bucket policy and click edit:
- Click on the policy generator button which will open a new browser:
- In the policy generator, ensure that the below details are entered as required:
  - Select Type of Policy: Select S3 Bucket Policy
  - Effect: Select the Deny radio button
  - Principal: Enter *
  - Actions:
    - Check PutObject
  - ARN: Enter arn:aws:s3:::calabs-bucket/* (you can copy the ARN from the Edit bucket policy page)
    - Important: Modify the name of the bucket at the end of the ARN to match the bucket you created earlier
    - Important: Ensure you add the slash and the asterisk at the end of the ARN to have the policy apply to objects in the bucket
  - Click add condition and enter the below details:
    - Condition: Select NotIpAddress
    - Key: Select aws:SourceIp
    - Value: Enter 1.2.3.4
  - Click add statement, then add condition, then generate policy
- Copy the generated policy and paste it into the edit policy box:
5) Click save. If you are seeing this at the bottom, you may ignore it and just click save.
It will still save as below:
6) You may then proceed to the next step, which will ask you to generate another policy. It will look like below:
If you see the same warning below, please ignore it, as it will still save as long as you have the correct generated policy (especially the bucket format).
If you received an ARN error, that means you mistyped or accidentally pasted the policy incorrectly into the editor.
This should let you pass the check and the lab:
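A pre-paste check for the ARN mistakes called out above (bucket name left as calabs-bucket, missing slash and asterisk) and for a partial paste. This is an added example, not part of the original guide or the lab's own code; the function names and the bucket name my-lab-bucket are hypothetical, and build_policy leaves out the Id and Sid values the policy generator adds.

```python
import json
import re

# The Resource form the lab expects: every object in one bucket.
OBJECT_ARN = re.compile(r"^arn:aws:s3:::([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])/\*$")


def build_policy(bucket, source_ip="1.2.3.4"):
    """Statement matching the lab's generator settings for the given bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"NotIpAddress": {"aws:SourceIp": source_ip}},
        }],
    }


def lint_policy(policy_text, bucket):
    """List the paste/ARN mistakes the guide warns about; empty list means none found."""
    try:
        statements = json.loads(policy_text)["Statement"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"not a complete policy document (partial paste?): {exc!r}"]
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    problems = []
    for i, stmt in enumerate(statements):
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        if not resources:
            problems.append(f"statement {i}: no Resource ARN")
        for arn in resources:
            match = OBJECT_ARN.match(arn)
            if not match:
                problems.append(f"statement {i}: {arn!r} is not arn:aws:s3:::<bucket>/*")
            elif match.group(1) != bucket:
                problems.append(f"statement {i}: ARN bucket {match.group(1)!r} != {bucket!r}")
    return problems


if __name__ == "__main__":
    pasted = json.dumps(build_policy("calabs-bucket"))  # constructed: name left unchanged
    print(lint_policy(pasted, "my-lab-bucket"))         # hypothetical bucket name
```

An empty list means the Resource ARN has the expected form for your bucket; it does not check the Effect, Action or Condition values.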
I hope these extra steps help! Should you continue to experience any other errors, please email support@cloudacademy.com
Happy Training!