Hi team,
I am working on an AWS lab and I’m running into an AccessDenied error when trying to create an S3 bucket. It seems like the lab environment has a Service Control Policy (SCP) that is explicitly blocking Terraform from checking the Transfer Acceleration configuration.
Context:
I am using the standard aws_s3_bucket resource. The bucket creation seems to initiate, but fails during the read/refresh state regarding acceleration settings.
The Terraform Code:
resource "aws_s3_bucket" "lab_bucket_tf" {
  bucket = var.user_name
  tags = {
    Name        = "Lab bucket"
    Environment = "Dev"
  }
}
The Error:
Error: reading S3 Bucket (kk-labs-user-982908-tf) accelerate configuration:
operation error S3: GetBucketAccelerateConfiguration,
https response error StatusCode: 403,
RequestID: 2JH66TXCA5K9TEYW,
HostID: ScWZYShNmhq5xQjZZ2fHYgvMUXLJj1G+avfR4MXmuL9OmXblQCwHBLdRjTeExdO1DELHfagL90TJgoN/h22T9g==,
api error AccessDenied: User: arn:aws:iam::944683179843:user/kk_labs_user_982908 is not authorized to perform: s3:GetAccelerateConfiguration on resource: "arn:aws:s3:::kk-labs-user-982908-tf" with an explicit deny in a service control policy
Has anyone encountered this specific SCP restriction in the labs? Is there a way to configure the aws_s3_bucket resource to skip checking for GetAccelerateConfiguration, or is this a transient issue with the lab account permissions?
Thanks!
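
Added example, not part of the original post: a small Python triage helper that splits an AccessDenied message like the one above into principal, IAM action, resource and the policy type that produced the deny, so it is clear whether the block comes from an SCP or from a policy inside the account. The names `triage`, `SAMPLE`, `DENIED`, `OPERATION` and `POLICY` are hypothetical, and the list of policy-type phrases other than "service control policy" is an assumption based on AWS's documented access-denied wording; only the SCP phrase appears in the post.

```python
import re

# The error from the post joined onto one line (RequestID and HostID omitted).
SAMPLE = (
    "Error: reading S3 Bucket (kk-labs-user-982908-tf) accelerate configuration: "
    "operation error S3: GetBucketAccelerateConfiguration, "
    "https response error StatusCode: 403, api error AccessDenied: "
    "User: arn:aws:iam::944683179843:user/kk_labs_user_982908 is not authorized "
    "to perform: s3:GetAccelerateConfiguration on resource: "
    '"arn:aws:s3:::kk-labs-user-982908-tf" '
    "with an explicit deny in a service control policy"
)

# Assumed set of policy-type phrases; only the first one is seen in the post.
POLICY = (r"(?P<policy>service control policy|identity-based policy|"
          r"resource-based policy|permissions boundary|session policy|"
          r"VPC endpoint policy)")
OPERATION = re.compile(r"operation error \w+: (?P<operation>\w+)")
DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+)"
    r'(?: on resource: "?(?P<resource>[^"\s]+)"?)?'
    r"(?: (?P<kind>with an explicit deny in|because no) (?:an? )?" + POLICY + r")?"
)


def triage(message):
    """Return the fields of an AccessDenied message, or None if it is not one."""
    denied = DENIED.search(message)
    if denied is None:
        return None
    info = denied.groupdict()
    op = OPERATION.search(message)
    # API operation names and IAM action names can differ, as they do here.
    info["operation"] = op.group("operation") if op else None
    # An explicit deny wins over every allow, whichever policy grants it.
    info["explicit_deny"] = info["kind"] == "with an explicit deny in"
    # SCPs are attached at the AWS Organizations level, so IAM changes made
    # inside the member account cannot lift them.
    info["set_outside_account"] = info["policy"] == "service control policy"
    return info


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```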