tdc
Reputation: 8587
CloudFormation Lambda S3 bucket access denied
In my CloudFormation template I have a lambda whose code lives on S3:
MyLambda:
Properties:
Code:
S3Bucket: bucket-name
S3Key: filename.zip
Handler: handler
MemorySize: !Ref 'LambdaMemorySize'
Role: arn:aws:iam::XXXXXXXXXXX:role/my-role
Runtime: python3.6
Timeout: !Ref 'LambdaTimeout'
Type: AWS::Lambda::Function
If I run this from the AWS console, then it works fine. However, when I run this from the AWS CLI (or boto) then it doesn't work, so I guess there must be something missing from my user's credentials that's stopping this working. However my IAM user has administrator access:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
Error message:
Your access has been denied by S3, please make sure your request credentials have permission to GetObject for bucket-name/filename.zip.
S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: xxxxx)
Upvotes: 0
Views: 1569
Answers (1)
tdc
Reputation: 8587
Turns out it was due to being part of the group that was doing IP whitelisting - removing that solved this issue.
Upvotes: 1
Related Questions
- Cloudformation: API: s3:CreateBucket Access Denied
- Lambda permission not being created when using cloudformation
- CloudFormation is not authorized to perform: iam:PassRole on resource
- Bucket not found error in lambda function
- Enable Lambda function to an S3 bucket using cloudformation
- CloudFormation API Gateway Lambda integration request not getting right permissions?
- AWS S3 CloudFormation Read-Only Permission
- CloudFormation Permission Denied for Config Attempting to Invoke Lambda
- CloudFormation, Lambda, S3 - Access denied by s3
- Access Denied from S3 Bucket [pendente]