diff --git a/addons/addon-base-raas/packages/base-raas-services/lib/aws-accounts/__tests__/aws-accounts-service.test.js b/addons/addon-base-raas/packages/base-raas-services/lib/aws-accounts/__tests__/aws-accounts-service.test.js
index c0e992bfaa..b8f840eca8 100644
--- a/addons/addon-base-raas/packages/base-raas-services/lib/aws-accounts/__tests__/aws-accounts-service.test.js
+++ b/addons/addon-base-raas/packages/base-raas-services/lib/aws-accounts/__tests__/aws-accounts-service.test.js
@@ -166,6 +166,40 @@ describe('AwsAccountService', () => {
       // CHECK
       expect(s3Client.putBucketPolicy).toHaveBeenCalled();
     });
+
+    it('should throw a pre-determined error if policy update fails on the bucket', async () => {
+      // BUILD
+      const s3Client = {};
+      s3Client.putBucketPolicy = jest.fn();
+      s3Client.putBucketPolicy.mockImplementationOnce(() => {
+        // eslint-disable-next-line no-throw-literal
+        throw {
+          message: 'Something bad happened while updating bucket policy: <Overly descriptive stack trace>',
+          code: 'RandomError',
+        };
+      });
+
+      s3Service.api = s3Client;
+      s3Service.parseS3Details.mockReturnValue({
+        s3BucketName: 'dummyBucket',
+        s3Prefix: 'dummyKey',
+      });
+
+      const accountList = [{ accountId: '0123456789' }];
+      service.list = jest.fn().mockReturnValueOnce(accountList);
+
+      // Mock locking so that the putBucketPolicy actually gets called
+      lockService.tryWriteLockAndRun = jest.fn((params, callback) => callback());
+
+      // OPERATE
+      try {
+        await service.updateEnvironmentInstanceFilesBucketPolicy();
+        expect.hasAssertions();
+      } catch (err) {
+        // CHECK
+        expect(err.message).toEqual('Could not update bucket policy for bucket "dummyBucket". Error code: RandomError');
+      }
+    });
   });
 
   describe('create', () => {
diff --git a/addons/addon-base-raas/packages/base-raas-services/lib/aws-accounts/aws-accounts-service.js b/addons/addon-base-raas/packages/base-raas-services/lib/aws-accounts/aws-accounts-service.js
index ef673ee3e1..89e7c9954c 100644
--- a/addons/addon-base-raas/packages/base-raas-services/lib/aws-accounts/aws-accounts-service.js
+++ b/addons/addon-base-raas/packages/base-raas-services/lib/aws-accounts/aws-accounts-service.js
@@ -142,7 +142,17 @@ class AwsAccountsService extends Service {
         Version: '2012-10-17',
         Statement: [...securityStatements, listStatement, getStatement],
       });
-      return s3Client.putBucketPolicy({ Bucket: s3BucketName, Policy }).promise();
+
+      let response;
+      try {
+        response = await s3Client.putBucketPolicy({ Bucket: s3BucketName, Policy }).promise();
+      } catch (err) {
+        throw this.boom.badRequest(
+          `Could not update bucket policy for bucket "${s3BucketName}". Error code: ${err.code}`,
+          true,
+        );
+      }
+      return response;
     });
   }