AWS CloudFormation - using non-public S3 URLs - access denied error

Another CloudFormation question - I’m using a nested stack in my template, and it specifies a template URL - I want to use a template in a non-public S3 URL that we own. Is there a different URL syntax for this? I’m getting an access denied error as though it’s trying to download from a public endpoint

The S3 bucket in question would need a bucket policy which allows the consuming account access

The stack is being executed within the same account, isn’t that accessible by default?

Yeah, as long as your role has access it should work

Or the role being used to deploy the cfn stack

Hmm, ah, user error. I was specifying the wrong bucket. The error surfaced confusingly as “access denied” rather than “object not found”

Thanks for sanity checking with me

Yeah, by default S3 gives you 403 instead of 404 if you don’t have access to the bucket in question, so you can’t fish for object names