Permissions for Bamboo Artifact Storage on S3

Hi, 

We recently switched to using S3 for artifact storage. We have a plan which has a shared artifact. The job which generates the artifact successfully uploads the artifact to S3 but the job which consumes that artifact is erroring with (obfuscated);

15-Jun-2015 17:18:00Preparing artifact 'ABC' for use at ABC
15-Jun-2015 17:18:00Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: ABC123ABC123)
15-Jun-2015 17:18:00Failure in artifact preparation phase during processing of: Subscription for Shared artifact: [ABC], pattern: [**/*] anchored at: [/ABC/ABC/bin], destination: [ABC]
15-Jun-2015 17:18:001 error(s) found when performing pre-build actions.

The IAM account that bamboo is using has the following policy;

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1234383843000",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Sid": "Stmt1234383879000",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::atlassian-net-bamboo-artifacts/*"
            ]
        }
    ]
}

Any ideas what permission we are missing? Using the AWS policy simulator I can see that the IAM account has permissions to all actions in the specified bucket. 

 

Thanks. 

1 answer

0 vote

Change ListAllMyBuckets to ListBucket and resource name to arn:aws:s3:::atlassian-net-bamboo-artifacts

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published May 18, 2017 in Bamboo

FAQ: How to Upgrade Bamboo Server

Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...

1,816 views 0 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you