S3 Backup ... suspect access issue


#1

Getting an Access Denied issue in error log … which seems to be causing Sidekiq to stay paused after backups!! (which is interesting on its own) - is my access policy on IAM not generous enough?:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::my-discourse-backups"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-discourse-backups/*"
            ]
        }
    ]
}

Sidekiq is being paused, how can I discover why?
#2

Going to try an element of this policy here:


#3

Went with policy in the guide, will monitor for a few days before accepting this as solution:


#4

Actually had to use a slightly different policy to make mine work,

I had to add:

       "s3:GetBucketLocation",

my top level one now looks like:

  "Statement": [
      {
       "Effect": "Allow",
       "Action": [
           "s3:HeadBucket",
           "s3:GetBucketLocation",
           "s3:ListAllMyBuckets"
      ],
       "Resource": "*"
    },

But otherwise based on: