I have S3 buckets with particular user access. Now I am trying to submit EMR job on aws. But It is showing me access denied.
What I am doing wrong here?
Bucket Policy Sample:
AUser:
Description: Name of the AUser
Type: String
BUser:
Description: Name of the BUser
Type: String
Resources:
MetadataBucketSecurity:
Type: AWS::S3::BucketPolicy
Properties:
Bucket:
Ref: MetadataBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
-
Effect: Deny
NotPrincipal:
AWS:
- !Sub 'arn:aws:iam::${AWS::AccountId}:user/${AUser}'
- !Sub 'arn:aws:iam::${AWS::AccountId}:user/${BUser}'
Action:
- 's3:ListBucket'
- 's3:RestoreObject'
- 's3:ReplicateObject'
- 's3:PutObject'
- 's3:PutBucketNotification'
- 's3:PutBucketLogging'
- 's3:PutObjectTagging'
- 's3:DeleteObject'
- 's3:GetObjectAcl'
- 's3:GetObject'
- 's3:GetBucketLogging'
- 's3:GetBucketAcl'
- 's3:ListBucketByTags'
- 's3:GetObjectVersionAcl'
- 's3:GetBucketPolicy'
Resource:
- !Sub 'arn:aws:s3:::${Bucket}'
- !Sub 'arn:aws:s3:::${Bucket}/*'
Reason : S3 Service Error.
Caused by: com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied;
