Bucket Policy Already Exists (Serverless Lift)

[nadar]

Description:

Hi, i am new to serverless systems using bref. It worked perfectly and i am amazed how many problems this can solve. Well, unless you are in trouble and not familiar with the whole setup, it gets hard to debug :-) so that's why i am ended up here, even i am not sure its related to either bref, serverless or AWS itself.

Today we have tried to deploy a production application --stage prod from a site we deploy successful since weeks using serverless deploy --stage dev. So as mentioned we wanted to deploy the production env for the first time, and now the serverless commands ends up with: Resource handler returned message: "Bucket Policy Already Exists" (RequestToken: 1fea716b-3cf5-0165-7c69-aa25a60bfe5c, HandlerErrorCode: AlreadyExists)

serverless deploy

Deploying FOOBAR to stage dev (eu-central-1)

✖ Stack FOOBAR-dev failed to deploy (46s)
Environment: linux, node 20.5.1, framework 3.34.0, plugin 6.2.3, SDK 4.3.2
Credentials: Local, "default" profile
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
CREATE_FAILED: websiteAssetsPolicyFDAAA9C0 (AWS::S3::BucketPolicy)
Resource handler returned message: "Bucket Policy Already Exists" (RequestToken: 1fea716b-3cf5-0165-7c69-aa25a60bfe5c, HandlerErrorCode: AlreadyExists)

There must be something have changed with the lift plugin or s3 policy, because if a temporary remove the lift constructs annotation, it works. So it must be the lift part of the serverless.yml which makes the problem.

We also have then deleted the dev environment in order to test whether we can recreate this stage or not, but we were not able to setup the dev environment too.

How to reproduce:

The serverless yml

service: foobar

params:
  prod:
    env: prod
    debug: 0
  dev:
    env: test
    debug: 1

provider:
  name: aws
  region: eu-central-1
  stage: dev
  environment:
    YII_ENV: ${param:env}
    YII_DEBUG: ${param:debug}

plugins:
  - ./vendor/bref/bref
  - serverless-lift

functions:
    website:
        handler: web/index.php
        description: 'FOOBAR Main Thread'
        runtime: php-82-fpm
        timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
        events:
            -   httpApi: '*'

constructs:
  website:
    type: server-side-website
    assets:
      '/resources/*': web/resources
      '/static/*': web/static

# Exclude files from deployment
package:
    patterns:
        - '!node_modules/**'
        - '!tests/**'
        - '!.tmp/**'

I saw there is an issue regarding this, but it seems to be old, and i tested with the proved option, but did not work as well => serverless/serverless#6923 (comment)

Maybe someone can point me into the right direction?

hard to understand:

Since we have deployed the dev site, successfully, its hard to understand why for a sudden reason the deployment of the production environment does not work anymore.

---

✌️ i already was sponsoring @mnapoli 😄

[nadar]

I have added some permissions which where not active yet, maybe they have been freshly added or something like that, because it was working previously, anyhow now i have ensured all the following iam permissions are available and it seems to work, maybe helps someone else. also not sure this was the problem.

• GetBucketPolicy
• DeleteBucketPolicy
• PutAccessPointPolicy
• PutBucketPolicy

[mnapoli]

Hi, maybe the Lift construct uses a hardcoded name for the bucket policy 🤔

It might be better to have this issue in Lift directly. I'll try and have a look at this this week!

[nadar]

Thanks for the reply @mnapoli, i appreciate it a lot. I have create an issue in the lift repo => getlift/lift#356