
I am using the Amazon Java SDK; it is used to do the following:

  1. Create a group
  2. Create a policy
  3. Attach the policy to the group
  4. Add an existing user to the group

This is done to give a user temporary access to a location in an S3 bucket. The problem is that after step #4, if I initiate an operation on behalf of the user, I can receive a 403 Forbidden message, because the user doesn't have access. If I add a Thread.sleep() call to delay things, and let them propagate, it seems to work. Sleeping for 1 second was too short, and 5 seconds was long enough.

Does anyone know if there is an official length of time required to let a new policy and group association propagate in AWS?

Thanks.

mnd

1 Answer


In my experience it is nearly instantaneous. There is a good discussion of the topic here:

How long should I wait after applying an AWS IAM policy before it is valid?

Rodrigo Murillo
  • Thanks - I had searched for an existing question, but hadn't found this one. I appreciate the help. – mnd Jun 28 '16 at 17:14
  • I think it's fair to call this one a duplicate. When I saw the question, I thought "this sounds familiar..." Thanks for digging this one up. – Michael - sqlbot Jun 29 '16 at 02:50
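
An added example, not code from either poster: instead of a fixed Thread.sleep() after step 4, the first operation made on behalf of the user can be retried only on HTTP 403, with backoff and a hard deadline, so a permission that is really missing still surfaces as an error. `ServiceException` is a hypothetical stand-in for the SDK's service exception, and the 15-second budget, 250 ms first delay and simulated denials are assumed values.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.Callable;
import java.util.concurrent.atomic.AtomicInteger;

public class IamPropagationRetry {

    /** Hypothetical stand-in for the SDK's service exception; only the HTTP status matters. */
    static class ServiceException extends RuntimeException {
        final int statusCode;
        ServiceException(int statusCode, String msg) { super(msg); this.statusCode = statusCode; }
    }

    /**
     * Runs op, retrying only on HTTP 403 with exponential backoff until the deadline.
     * Any other failure, or a 403 that outlives the deadline, is rethrown so a
     * genuinely missing permission is reported instead of being masked.
     */
    static <T> T callWhenAuthorized(Callable<T> op, Duration maxWait, Duration firstDelay)
            throws Exception {
        Instant deadline = Instant.now().plus(maxWait);
        long delayMs = firstDelay.toMillis();
        while (true) {
            try {
                return op.call();
            } catch (ServiceException e) {
                long remainingMs = Duration.between(Instant.now(), deadline).toMillis();
                if (e.statusCode != 403 || remainingMs <= 0) {
                    throw e;
                }
                Thread.sleep(Math.min(delayMs, remainingMs));
                delayMs = Math.min(delayMs * 2, 2000); // cap each pause at 2 s
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed simulation: the first three calls are denied, as if the
        // group membership and policy had not propagated yet.
        AtomicInteger calls = new AtomicInteger();
        String result = callWhenAuthorized(() -> {
            if (calls.incrementAndGet() <= 3) {
                throw new ServiceException(403, "Forbidden");
            }
            return "object listed";
        }, Duration.ofSeconds(15), Duration.ofMillis(250));
        System.out.println(result + " after " + calls.get() + " attempts");
    }
}
```

With the real SDK, the lambda would wrap the first S3 call made with the user's credentials and the catch would test the status code on the SDK's own exception type.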