BarakChamo
Reputation: 3585
Lambda S3 permission denied in s3-get-object blueprint
I'm trying to get a Lambda to read a file off an S3 bucket using the s3-get-object blueprint in response to file post events.
Even when the bucket has full public access and full permissions:
{
"Version": "2012-10-17",
"Id": "Policy1468930000031",
"Statement": [
{
"Sid": "Stmt1468929998580",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::xlp-uploads/*"
}
]
}
And the Lambda role has full S3 and Lambda access, I still get Access Denied when running the example code.
This is the Lambda code in the blueprint:
'use strict';
console.log('Loading function');
let aws = require('aws-sdk');
let s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = (event, context, callback) => {
//console.log('Received event:', JSON.stringify(event, null, 2));
// Get the object from the event and show its content type
const bucket = event.Records[0].s3.bucket.name;
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: bucket,
Key: key
};
s3.getObject(params, (err, data) => {
if (err) {
console.log(err);
const message = `Error getting object ${key} from bucket ${bucket}. Make sure they exist and your bucket is in the same region as this function.`;
console.log(message);
callback(message);
} else {
console.log('CONTENT TYPE:', data.ContentType);
callback(null, data.ContentType);
}
});
};
And the error is:
{ [AccessDenied: Access Denied]
message: 'Access Denied',
code: 'AccessDenied',
region: null,
time: Tue Jul 19 2016 12:27:28 GMT+0000 (UTC),
Upvotes: 0
Views: 1211
Answers (1)
BarakChamo
Reputation: 3585
I figured the issue out.
I initially tried to POST the file to S3 using the REST API but the file ends up in the bucket with no permissions and does not inherit the bucket's permissions.
I switched to a POST request that accepts ACL parameters and gives the file permissions in place.
Upvotes: 1
Related Questions
- aws lambda function getting access denied when getObject from s3
- Accessing S3 bucket from Lambda
- Getting "AccessDenied: Access Denied" inside lambda when getting an object from s3
- AWS IAM role permissions in Lambda is not able to find the Amazon S3 url
- Lambda Access Denied on S3 PutObject
- Error Accessing S3 bucket through Lambda function despite permissions
- AWS Lambda S3 Access Denied
- AccessDeniedException while using Lambda by AWS CLI
- AWS Lambda returns permission denied trying to GetObject from S3 bucket
- ListObjectV2 Gets Access Denied Error In AWS Lambda