Redwood: AccessDenied for downloading PR build artifacts

Created on 13 Nov 2020 · 7 Comments · Source: redwoodjs/redwood

This is what I see when I try to download a PR build artifact

image (8)

Going past that, I get this

image (9)

I think the s3 policy needs to be updated. This is what I used on my bucket

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::rw-pr/*"
        }
    ]
}

All 7 comments

You can see an example of the behavior here: https://github.com/redwoodjs/redwood/pull/1477#issuecomment-727037162

@Tobbe FQDN rw-pr.redwoodjs.com.s3.amazonaws.com is not covered by *.s3.amazonaws.com (wildcard covers one level). I suggest using rw-pr-redwoodjs-com.s3.amazonaws.com or similar. I'm surprised that AWS even allows using a dot in their buckets.

Edit: I don't know about the AccessDenied policy. Try adding Statement.Sid as PublicRead. Also, the Resource might need to be updated (rw-pr/* to reflect the new bucket name).

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid":"PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::rw-pr/*"
        }
    ]
}

Reference: AWS: Granting Read-Only Permission to an Anonymous User
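
A check for the kind of policy posted above, as an added example that is not part of the original thread or the Redwood project: it lists the write actions a bucket policy allows to anonymous principals. `WRITE_ACTIONS`, the function names and the `s3:GetObject`-only variant are assumptions made for illustration.

```python
import fnmatch
import json

# Object-level write actions checked here: a short illustrative list, not exhaustive.
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject")

def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "Principal": "*" and for {"AWS": "*"}; both mean everyone."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def anonymous_writes(policy):
    """Return (sid, action, resource) for every write action that an Allow
    statement opens to anonymous callers. Condition blocks are not evaluated."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        # IAM action names are case-insensitive and may contain * and ? wildcards.
        patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
        for action in WRITE_ACTIONS:
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                for resource in as_list(stmt.get("Resource", [])):
                    findings.append((stmt.get("Sid", "<no Sid>"), action, resource))
    return findings

# The policy with "Sid": "PublicRead" from the comment above, as posted.
POSTED = json.loads("""{"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl"],
    "Resource": "arn:aws:s3:::rw-pr/*"}]}""")

# Constructed variant: the same statement limited to s3:GetObject.
READ_ONLY = json.loads(json.dumps(POSTED))
READ_ONLY["Statement"][0]["Action"] = "s3:GetObject"

if __name__ == "__main__":
    for sid, action, resource in anonymous_writes(POSTED):
        print(f"{sid}: anonymous {action} on {resource}")
    print("read-only variant findings:", anonymous_writes(READ_ONLY))
```

Whether anonymous requests actually succeed also depends on the bucket's Block Public Access settings, which this check does not read.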

Try adding Statement.Sid

Isn't that what I already have? Or did I misunderstand you?

Also, the Resource might need to be updated (rw-pr/* to reflect the new bucket name).

Yeah, I merely pasted what I had used for my bucket when I set this up for my own fork. I don't have access to the RW s3 bucket, so can't configure the policy, or control the name of the bucket.

Isn't that what I already have? Or did I misunderstand you?

I don't see any 'Sid' in the Policy you commented. However, if that was from the previous bucket that worked then I guess it's not needed.

[...] so can't configure the policy, or control the name of the bucket.

cc @peterp? :)

I don't see any 'Sid' in the Policy you commented.

Yeah, I looked at yours, and thought that was mine... 🙈

@cannikin Could you change the bucket name, and make sure it has the correct policy?

It works now, see for example here https://github.com/redwoodjs/redwood/pull/1484#issuecomment-728244658
(bucket name and policy were updated)
