I have a MediaConvert job that will take input video from an S3 bucket, then convert it and store it in another bucket within the same account.

However, when "Block Public Access settings for this account" is enabled for the S3 bucket, then I get 1401 Unable to write to output file: [Failed to write data: Access Denied].

MediaConvert and S3 are on the same AWS account.

When I disabled the blocking of public access it worked. However, I would like to have this security layer in place.

There are 1 best solutions below

aws-robclem On

The MediaConvert service assumes a specified IAM role within your AWS account when running jobs and accessing S3 buckets on your behalf.

Please double-check that the IAM Role you are using to run your MediaConvert jobs has the Policy called 'AmazonS3FullAccess' attached along with the Policy called 'AmazonAPIGatewayInvokeFullAccess'.

These policies are all that is required for MediaConvert to read & write to a typical S3 bucket owned by this account, unless the bucket has additional conditions and restrictions within its Bucket Policy.

You may optionally prevent the Role from accessing a certain bucket by explicitly denying that Role access within the Bucket Policy on that bucket.

If you are using custom S3 access policies on the IAM Role used for MediaConvert jobs, rather than the default 'AmazonS3FullAccess', then you will have to ensure that the Conditions and Resources within your Role Policy and Bucket Policy both permit access to the bucket in question.
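The role-policy and bucket-policy check described in the last paragraph of the answer, as an added example that is not part of the original answer and not AWS tooling: a simplified same-account evaluator for one request at a time. The role ARN, bucket names and policies are constructed; the model does not cover NotAction/NotResource, permission boundaries or SCPs, and any matching statement with a Condition is reported as `review` rather than evaluated.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM wildcards (* and ?) are approximated with fnmatch; actions compare case-insensitively.
    return (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt.get("Action", [])))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", []))))

def _names_role(stmt, role_arn):
    # Bucket policy statements apply only if their Principal covers the role.
    principal = stmt.get("Principal", {})
    if principal == "*":
        return True
    aws = _as_list(principal.get("AWS", []))
    return "*" in aws or role_arn in aws

def check_access(role_policy, bucket_policy, role_arn, action, resource):
    """Return 'allow', 'deny' or 'review' (a matching statement carries a Condition)."""
    role_hits = [s for s in role_policy["Statement"] if _matches(s, action, resource)]
    bucket_hits = [s for s in bucket_policy.get("Statement", [])
                   if _names_role(s, role_arn) and _matches(s, action, resource)]
    hits = role_hits + bucket_hits
    if any(s["Effect"] == "Deny" and "Condition" not in s for s in hits):
        return "deny"      # an unconditional explicit deny always wins
    if any("Condition" in s for s in hits):
        return "review"    # outcome depends on request context (headers, source, etc.)
    if any(s["Effect"] == "Allow" for s in role_hits):
        return "allow"     # assumption of this model: the grant comes from the role policy
    return "deny"          # implicit deny: nothing in the role policy grants the action

# Constructed sample data; every name below is hypothetical.
ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleMediaConvertRole"
ROLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": ["arn:aws:s3:::example-input/*", "arn:aws:s3:::example-archive/*"]},
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-output/*"},
]}
ARCHIVE_BUCKET_POLICY = {"Statement": [  # bucket policy that explicitly denies the role
    {"Effect": "Deny", "Principal": {"AWS": ROLE_ARN}, "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-archive/*"},
]}
OUTPUT_BUCKET_POLICY = {"Statement": [   # bucket policy with an extra condition on writes
    {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-output/*",
     "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
]}
```

A `review` result for the output bucket means the write succeeds only if the job's output settings satisfy the bucket policy's Condition, which is the case the answer warns about.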