Reputation: 103
I'm trying to create an AWS Lambda function, which processes a file uploaded to the first bucket, then saves it to the second bucket and then deletes the input file.
The problem is that when I'm trying to delete the file I'm getting
    {
        "message": "Access Denied",
        "code": "AccessDenied",
        "time": "2015-02-09T22:08:45.926Z",
        "statusCode": 403,
        "retryable": false,
        "retryDelay": 30
    }
The code snippet which tries to delete the file is:
    // a is the error (if any), b is the response data
    s3.deleteObject({
        Bucket: inputBucket,
        Key: inputKey
    }, function(a, b) {
        if (a) {
            console.error("Error on delete");
            console.error(a);
        } else {
            console.log("Deleted successfully");
        }
    });
Upvotes: 7
Views: 11606
Reputation: 735
Go to IAM -> Roles -> <assigned-role-name> -> Permissions -> <policy-name>
Make sure your policy has the following:
    {
        "Statement": [
            {
                "Action": [
                    "s3:*"
                ],
                "Resource": [
                    "arn:aws:s3:::<my-bucket>",
                    "arn:aws:s3:::<my-bucket>/*"
                ],
                "Effect": "Allow"
            }
        ]
    }
Note: arn:aws:s3:::<my-bucket> is for accessing my-bucket, whereas arn:aws:s3:::<my-bucket>/* is for accessing all objects under my-bucket. They are similar but not the same. They both need to be present to ensure Lambda has full S3 access.
Hope this helps
Upvotes: 1
Reputation: 108
I had trouble with weird characters and spaces within inputKey. Try with a simple name.
Upvotes: 0
Reputation: 16482
The possible reason why Lambda wasn't able to delete the file (S3 object) could be due to the Lambda's execution role.
Steps to solve this
    {
        "Statement": [
            {
                "Sid": "Stmt1423535846414",
                "Action": [
                    "s3:DeleteObject"
                ],
                "Effect": "Allow",
                "Resource": "arn:aws:s3:::*"
            }
        ]
    }
Upvotes: 11
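Added example, not part of any answer above and not AWS's own evaluation code: a simplified identity-policy check showing why `s3:DeleteObject` needs a Resource that matches the object ARN (`<bucket>/*`), alongside a policy scoped to just the actions the function in the question performs. The bucket names, function names and sample key are assumptions made for illustration; conditions, NotAction/NotResource and bucket policies are not modelled.

```javascript
// Added example: simplified IAM identity-policy check (Allow/Deny statements,
// Action/Resource wildcards only; no conditions, NotAction, NotResource, bucket policies).

// Convert an IAM pattern with * and ? wildcards into an anchored RegExp.
function wildcardToRegExp(pattern, flags) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", flags);
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// Does one statement cover this action on this resource ARN?
function statementMatches(stmt, action, arn) {
  // Action names are case-insensitive; resource ARNs are case-sensitive.
  const actionHit = asArray(stmt.Action).some((a) => wildcardToRegExp(a, "i").test(action));
  const resourceHit = asArray(stmt.Resource).some((r) => wildcardToRegExp(r, "s").test(arn));
  return actionHit && resourceHit;
}

// Explicit Deny wins; otherwise at least one Allow is required (implicit deny).
function isAllowed(policy, action, arn) {
  const hits = asArray(policy.Statement).filter((s) => statementMatches(s, action, arn));
  if (hits.some((s) => s.Effect === "Deny")) return false;
  return hits.some((s) => s.Effect === "Allow");
}

// Least-privilege policy for the described function, using hypothetical bucket names.
function buildScopedPolicy(inputBucket, outputBucket) {
  return {
    Version: "2012-10-17",
    Statement: [
      { Effect: "Allow", Action: ["s3:GetObject", "s3:DeleteObject"],
        Resource: `arn:aws:s3:::${inputBucket}/*` },
      { Effect: "Allow", Action: ["s3:PutObject"],
        Resource: `arn:aws:s3:::${outputBucket}/*` },
    ],
  };
}

// Constructed sample: a policy that names only the bucket ARN, not its objects.
const bucketOnlyPolicy = {
  Statement: [{ Effect: "Allow", Action: ["s3:*"], Resource: ["arn:aws:s3:::example-input"] }],
};
const scoped = buildScopedPolicy("example-input", "example-output");
const objectArn = "arn:aws:s3:::example-input/uploads/report 1.csv";

console.log(isAllowed(bucketOnlyPolicy, "s3:DeleteObject", objectArn)); // false
console.log(isAllowed(scoped, "s3:DeleteObject", objectArn)); // true
console.log(isAllowed(scoped, "s3:DeleteObject", "arn:aws:s3:::example-output/x")); // false
```

A policy with `"Resource": "arn:aws:s3:::*"` passes the same check for every bucket in the account, which is why the scoped form names the input bucket explicitly.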