Reputation: 475
Why aws lambda function is not able do read object from s3 bucket?
I am trying to read objects from S3 bucket using lambda function cross account, I have added resource based policy for aws lambda to access s3 bucket.
But still when i tested my lambda function am seeing access denied error lambda function IAM role has the full access on s3 resources
Upvotes: 0
Views: 1542
Answers (1)
Reputation: 269091
Your situation appears to be:
- An AWS Lambda function in Account A that is using a Role
- An Amazon S3 bucket in Account B
You will need to grant access from Account B. The Lambda resource policy will not work because it is in Account A (and therefore cannot grant access to resources in Account B).
You simply need a Bucket Policy on the bucket that grants access to the Role being used by the Lambda function. The policy would look similar to:
{
"Id": "Policy1",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GrantAccessToRole",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::my-bucket/*",
"Principal": {
"AWS": [
"arn:aws:iam::1234567890:role/my-role"
]
}
}
]
}
Modify the policy to provide the access permissions desired (eg ListBucket).
The ARN for the role is visible in the IAM console when viewing the Role.
Upvotes: 1
Related Questions
- aws lambda function getting access denied when getObject from s3
- Reading CSV file from S3 using Lambda Function-GetObject operation: Access Denied
- Why does my lambda function get Access Denied trying to access an S3 bucket?
- Cannot get Lambda function to read S3 object contents
- How do I access an S3 object from a Lambda function?
- Unable to perform getobject from aws s3 in aws-lambda
- AWS Lambda get s3 object data template not working
- Why can't I access my S3 bucket from a Lambda function?
- Access denied on aws lambda function when getObject from S3 bucket
- Cannot access S3 bucket from Lambda function