Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

S3 Bucket Policy Changes Not Recognized As A Change on CDK Deploy

See original GitHub issue

When making changes to a bucket policy from a pre-existing bucket, applying changes to its Policy are not applied. The CDK seems to act as if no changes are needed

Reproduction Steps

Note that I have changed the names of things in this example to simplify and avoid disclosing

Adding the following code to my application to edit a pre-existing bucket’s bucket policy so that other resources may get to it which may or may not have been created with the CDK

const myPreExistingBucket = s3.Bucket.fromBucketName(this, 'MyPreExistingBucket-Lookup-ID', "mypreexistingbucket");
myPreExistingBucket.addToResourcePolicy(new iam.PolicyStatement({
                new iam.AccountPrincipal("arn:aws:iam::XXXXXXXXXXXX:root")

Then deploy with the CDK: cdk -i --region us-east-1 --app 'npx --quiet ts-node app.ts' deploy --profile datascience

Error Log

Error message is not an error but a false positive in that there are no changes needing to be applied, when there are. Checking the account as well shows no updates in the cloud formation templates and the Bucket Policy not being applied to the Bucket


  • CLI Version : Attempted with v1.26.0 and v1.18.0
  • Framework Version: Nodejs - v12.16.1, NPM - v6.13.4
  • OS : MAC OS Mojave
  • Language : Typescript - v3.7.4


This is 🐛 Bug Report

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:13
  • Comments:18 (9 by maintainers)

github_iconTop GitHub Comments

omishaguptacommented, Mar 23, 2022

I’m kinda facing similar issue. Is there a way to append the statements to existing policy in the existing bucket? The solutions discussed here just overwrites the whole bucket policy.

philhorrockscommented, Oct 12, 2020

just experienced this issue. An error would be nice as cdk fails silently 😦

Read more comments on GitHub >

github_iconTop Results From Across the Web

Troubleshooting common AWS CDK issues
When deploying my AWS CDK stack, I receive a NoSuchBucket error ... My S3 bucket, DynamoDB table, or other resource is not deleted...
Read more >
CDK not updating - Stack Overflow
This is to say, if it doesn't think anything has changed, it wont change that resource. This can, of course, be very annoying...
Read more >
AWS CDK Toolkit - npm
If a resource fails to be created or updated, the deployment will roll back before the CLI returns. All changes made up to...
Read more >
Resolve 403 errors when modifying an S3 bucket policy
Check that the IAM user or role has s3:Get:BucketPolicy permission to view the bucket policy and s3:PutBucketPolicy permission to edit it. · If...
Read more >
How to set up an Amazon S3 Bucket using AWS CDK
The example code that is provided comes with all steps required to run and deploy the AWS CDK code in AWS Cloud. First,...
Read more >

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found