Stuck with S3 bucket permission errors for configuring a CRL with ACM? We can help you.

Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.

Today, let us discuss how our Support Techs resolve this error.

How to resolve S3 bucket permission errors for configuring a CRL with ACM?

Typical error looks as shown below:

An error occurred (ValidationException) when calling the CreateCertificateAuthority operation: The ACM Private CA Service Principal ‘acm-pca.amazonaws.com’ requires ‘s3:PutObject’ and ‘s3:PutObjectAcl’ permissions for your S3 bucket ‘[bucket]’. Check your S3 bucket permissions and try again.

Today, let us see the steps followed by our Support Techs to resolve it.

Disable “Block public access to buckets and objects granted through new access control lists (ACLs)” in your AWS account

1. Firstly, sign in to the Amazon S3 console.
2. Choose Block public access (account settings), and then choose Edit.
3. Uncheck Block public access to buckets and objects granted through new access control lists (ACLs), and then choose Save.
4. In the confirm field, enter “confirm”, and then choose Confirm.

Disable “Block public access to buckets and objects granted through new access control lists (ACLs)” on the S3 bucket used for CRL

1. Firstly, sign in to the Amazon S3 console.
2. In Bucket name, choose the name of the bucket that you used for configuring CRL in ACM PCA.
3. Choose Permissions, and then choose Edit.
4. Uncheck Block public access to buckets and objects granted through new access control lists (ACLs), and then choose Save.
5. In the confirm field, enter “confirm”, and then choose Confirm.

[Need help with the set up? We’d be happy to assist]

Conclusion

In short, we saw how our Support Techs resolved this permission error.