Configuring AWS S3 Storage policy permissions for Bamboo
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
After configuring Amazon S3 artifact storage the job which generates the artifacts successfully uploads the artifacts to S3 but the job which consumes that artifacts displays the error:
Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: B5872XXXXXXXXXXD)
Cause
AWS credentials used for Elastic Bamboo configuration require S3 permissions in Amazon S3.
Resolution
Add or modify policies in your AWS management console by following this example of a Bamboo IAM account policy configuration:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1434671502112",
"Action": [
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::atlassian-net-bamboo-artifacts"
}
]
}
using AWS Policy Generator