When you suffer from the "API: s3:PutBucketPolicy Access Denied" error while creating a new S3 bucket, how can we resolve it?

Due to changing the default configuration of Amazon S3, we need to add the blockPublicAccess attribute to the CDK project.

What error did I see?

When I tried to create a new Amazon S3 bucket for hosting a new website:

    const websiteBucket = new Bucket(this, 'SonikStaticAssets', {
      websiteIndexDocument: 'index.html',
      publicReadAccess: true,
    });

I met the following CloudFormation error.

CdkSonikAppStack: deploying... [1/1]
CdkSonikAppStack: creating CloudFormation changeset...
10:08:29 PM | CREATE_FAILED        | AWS::S3::BucketPolicy       | SonikStaticAssetsPolicy8AA45F84
API: s3:PutBucketPolicy Access Denied


 ❌  CdkSonikAppStack failed: Error: The stack named CdkSonikAppStack failed to deploy: UPDATE_ROLLBACK_COMPLETE: API: s3:PutBucketPolicy Access Denied

Add the blockPublicAccess attributes to resolve this issue.

To avoid this error, we need to add the blockPublicAccess: BlockPublicAccess.BLOCK_ACLS attributes.

    const websiteBucket = new Bucket(this, 'SonikStaticAssets', {
      websiteIndexDocument: 'index.html',
      publicReadAccess: true,
      blockPublicAccess: BlockPublicAccess.BLOCK_ACLS,
    });

Referenced

• https://zenn.dev/shimo_s3/articles/d5f104ff3bac1f
• https://aws.amazon.com/jp/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/