Hi there,
There is actually no need for setting up the bucket policy at all. It can just be set to block the public access.
The important thing is to set up the role and its permission profile correctly.
Make sure you have the role for S3 adjusted correctly:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<aws_account_ID_for_gc_region>:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "<org_ID>"
        }
      }
    }
  ]
}
And the IAM S3 policy looks as follows:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ForGC",
      "Effect": "Allow",
      "Action": [
        "s3:GetEncryptionConfiguration",
        "s3:PutObjectAcl",
        "s3:PutObject",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::<bucket_name>",
        "arn:aws:s3:::*/*"
      ]
    }
  ]
}
Then the integration will work as well, and you don't need to make the S3 bucket public.
------------------------------
Mateusz Janowicz
------------------------------
Original Message:
Sent: 09-29-2024 16:19
From: Priyavarshini Manohar
Subject: S3 Bucket Integration
Thanks for your solution, Mateusz! I guess this will do the trick.
Kind Regards,
Priyavarshini Manohar
Development Operations Engineer
Black Box Technologies New Zealand Ltd
Original Message:
Sent: 9/26/2024 5:47:00 AM
From: Mateusz Janowicz
Subject: RE: S3 Bucket Integration
Hi Priya,
I resolved this by adjusting the S3 bucket policy. I was getting an error:
stack_trace:"com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied
Genesys Cloud wants to put a test object to the bucket while activating the integration. Make sure the policy for the bucket is set properly in terms of putting objects by other accounts.
------------------------------
Mateusz Janowicz
infinit.cx GmbH
Original Message:
Sent: 09-25-2024 23:13
From: Priyavarshini Manohar
Subject: S3 Bucket Integration
Hi Mateusz,
We are facing the same error message when we updated new credential information to the integration. Is this resolved now?
Cheers,
Priya
------------------------------
Priyavarshini Manohar
Black Box Technologies New Zealand Limited
Original Message:
Sent: 07-29-2024 06:43
From: Mateusz Janowicz
Subject: S3 Bucket Integration
Hi,
I'm trying to configure the S3 Bucket Integration.
It is configured within Genesys Cloud with the S3 Bucket name and the credentials look as follows:
arn:aws:iam::accountid:role/myrole
Credentials are marked with a green checkbox: Configured.
AWS:
Roles trusted entities:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::765628985471:root"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "org_ID"
        }
      }
    }
  ]
}
This role has permissions assigned:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetEncryptionConfiguration",
        "s3:GetBucketLocation",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::mybucket"
    }
  ]
}
Block all public access is set to off.
However, when activating the integration, I'm getting the following:
Has anyone encountered this issue before?
BR,
Mateusz
#API/Integrations
------------------------------
Mateusz Janowicz
infinit.cx GmbH
------------------------------
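Added example, not part of the thread and not Genesys or AWS code: a simplified Python check of the Resource shapes in the role permission policies posted above (the bucket-only ARN in the original question and the bucket ARN plus arn:aws:s3:::*/* in the latest reply). It shows which of the four actions each shape covers for the bucket and which it also grants on an unrelated bucket. The function names, the test-object key, unrelated-bucket and the SCOPED variant are assumptions made for illustration, and the model ignores Deny statements, Condition blocks, bucket policies and SCPs.

```python
import re

# Actions used in the thread's policies, with the ARN type S3 checks each against.
REQUIRED = {"s3:GetBucketLocation": "bucket", "s3:GetEncryptionConfiguration": "bucket",
            "s3:PutObject": "object", "s3:PutObjectAcl": "object"}

def listify(value):
    return value if isinstance(value, list) else [value]

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcard: '*' is any run of characters (including '/'), '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def allows(policy, action, arn):
    for stmt in listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if (any(wildcard_match(a, action, True) for a in listify(stmt["Action"]))
                and any(wildcard_match(r, arn) for r in listify(stmt["Resource"]))):
            return True
    return False

def audit(policy, bucket):
    """Return (missing, overbroad); ignores Deny, Condition, bucket policies, SCPs."""
    missing, overbroad = [], []
    for action, kind in REQUIRED.items():
        suffix = "/test-object" if kind == "object" else ""  # constructed key name
        if not allows(policy, action, f"arn:aws:s3:::{bucket}{suffix}"):
            missing.append(action)
        # The same request against a bucket the integration should never touch.
        if allows(policy, action, f"arn:aws:s3:::unrelated-bucket{suffix}"):
            overbroad.append(action)
    return sorted(missing), sorted(overbroad)

def make_policy(resource):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": list(REQUIRED), "Resource": resource}]}

# Constructed inputs mirroring the Resource shapes in the thread, plus a scoped variant.
QUESTION = make_policy("arn:aws:s3:::mybucket")
REPLY = make_policy(["arn:aws:s3:::mybucket", "arn:aws:s3:::*/*"])
SCOPED = make_policy(["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"])

if __name__ == "__main__":
    for name, pol in (("question", QUESTION), ("reply", REPLY), ("scoped", SCOPED)):
        print(name, audit(pol, "mybucket"))
```

In this model the bucket-only Resource leaves s3:PutObject and s3:PutObjectAcl uncovered, the */* form covers them for objects in every bucket, and the SCOPED form covers them for mybucket only.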