I have deployed Zeppelin 0.9.0 on AWS EC2 and configured the S3 notebook
store. I have created an IAM role, the EC2 instance uses that role, and I have
defined the right bucket permissions for that role.
Creating and modifying notebooks works, but deleting does not: I get a
403 error.

I have the right policy defined; below is my bucket policy JSON (the camel case
was lost here due to some content move). How can I find out which action is
used when deleting notebooks?



{
"version": "2012-10-17",
"id": "bucket_policy",
"statement": [{
"sid": "denyreadaccess",
"effect": "deny",
"principal": "*",
"action": ["s3:getobject", "s3:getobjectversion"],
"resource": "arn:aws:s3:::zeppelin-tes/*",
"condition": {
"arnnotlike": {
"aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
}
}
}, {
"sid": "denywriteaccess",
"effect": "deny",
"principal": "*",
"action": ["s3:putobject", "s3:putobjectacl"],
"resource": "arn:aws:s3:::zeppelin-tes/*",
"condition": {
"arnnotlike": {
"aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
}
}
}, {
"sid": "denydeleteaccess",
"effect": "deny",
"principal": "*",
"action": ["s3:deleteobject", "s3:deleteobjectversion",
"s3:abortmultipartupload"],
"resource": "arn:aws:s3:::zeppelin-tes/*",
"condition": {
"arnnotlike": {
"aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
}
}
}, {
"sid": "denyreplicateaccessallexceptmasterroles",
"effect": "deny",
"principal": "*",
"action": ["s3:replicateobject", "s3:replicatetags", "s3:replicatedelete"],
"resource": "arn:aws:s3:::zeppelin-tes/*",
"condition": {
"arnlike": {
"aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
}
}
}, {
"sid": "denyaccessexceptformasterroles",
"effect": "deny",
"principal": "*",
"action": ["s3:deletebucket", "s3:deletebucketpolicy",
"s3:deletebucketwebsite", "s3:putbucketacl", "s3:putbucketcors",
"s3:putbucketpolicy", "s3:putbucketlogging", "s3:putbucketnotification",
"s3:putbucketobjectlockconfiguration", "s3:putbucketpublicaccessblock",
"s3:putbucketrequestpayment", "s3:putbucketwebsite", "s3:restoreobject*"],
"resource": ["arn:aws:s3:::zeppelin-tes", "arn:aws:s3:::zeppelin-tes/*"],
"condition": {
"arnlike": {
"aws:principalarn": "arn:aws:iam::985767567532:role/app/zeppelin-tes"
}
}
}, {
"sid": "denynonsecuretraffic",
"effect": "deny",
"principal": "*",
"action": "s3:*",
"resource": ["arn:aws:s3:::zeppelin-tes", "arn:aws:s3:::zeppelin-tes/*"],
"condition": {
"bool": {
"aws:securetransport": "false"
}
}
}]
}
