Reputation: 25604
I have 2 Lambda functions written in NodeJS with the Serverless Framework. The IAM role for those functions allows putting and getting objects:
    iamRoleStatements:
      - Effect: "Allow"
        Action:
          - "s3:ListBucket"
          - "s3:GetObject"
          - "s3:PutObject"
          - "s3:GetBucketNotification"
          - "s3:PutBucketNotification"
        Resource:
          - Fn::Join: [
                "", [
                  "arn:aws:s3:::",
                  {
                    "Ref": "DataBucket"
                  },
                  "/*"
                ]
              ]
          - Fn::Join: [
                "", [
                  "arn:aws:s3:::",
                  {
                    "Ref": "DataBucket"
                  },
                ]
              ]
One function places the file in S3 and works correctly; then the second function is invoked (via an S3 event) and is not able to read this file because of Access Denied.
It was working correctly until I changed the dataBucketName resource name:
    resources:
      Resources:
        DataBucket:
          Type: AWS::S3::Bucket
          Properties:
            BucketName: ${self:custom.dataBucketName}
Can someone provide me a hint where the problem could be and how to start debugging it?
Upvotes: 0
Views: 533
Reputation: 78860
This is not a fix for your problem, but to simplify and correct minor issues with your IAM role:
    iamRoleStatements:
      - Effect: Allow
        Action:
          - s3:ListBucket
          - s3:GetBucketNotification
          - s3:PutBucketNotification
        Resource: arn:aws:s3:::${self:custom.dataBucketName}
      - Effect: Allow
        Action:
          - s3:GetObject
          - s3:PutObject
        Resource: arn:aws:s3:::${self:custom.dataBucketName}/*
Upvotes: 1
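An added example, not part of either post above and not Serverless Framework code: a small Node.js lint that pairs each S3 action in a statement with the resource ARNs it can actually apply to, which is the split the answer's rewritten role makes by hand. The function names, the bucket name `example-data-bucket`, and the five-action table are assumptions made for this illustration.

```javascript
// Added example. The table covers only the five S3 actions used on this page.
const ACTION_LEVEL = {
  "s3:ListBucket": "bucket",
  "s3:GetBucketNotification": "bucket",
  "s3:PutBucketNotification": "bucket",
  "s3:GetObject": "object",
  "s3:PutObject": "object",
};

// "bucket/key-pattern" addresses objects; a bare bucket name addresses the bucket.
// A wildcard with no "/" can match both, because "*" in IAM also matches "/".
function resourceLevel(arn) {
  const m = /^arn:aws:s3:::([^/]+)(\/.*)?$/.exec(arn);
  if (!m) return "unknown";
  if (m[2]) return "object";
  return m[1].includes("*") ? "any" : "bucket";
}

function lintS3Statements(statements) {
  const findings = [];
  statements.forEach((st, statement) => {
    if (st.Effect !== "Allow") return;
    const resources = [].concat(st.Resource);
    for (const action of [].concat(st.Action)) {
      const need = ACTION_LEVEL[action];
      if (!need) continue; // action outside this example's table
      const usable = resources.filter((r) => [need, "any"].includes(resourceLevel(r)));
      if (usable.length === 0) {
        // No ARN of the right level: the request is implicitly denied (Access Denied).
        findings.push({ statement, action, issue: "never-granted", need });
        continue;
      }
      for (const resource of resources.filter((r) => !usable.includes(r)))
        findings.push({ statement, action, issue: "no-effect", resource });
    }
  });
  return findings;
}

// Constructed inputs: the Fn::Join values resolved with a made-up bucket name.
const BUCKET = "arn:aws:s3:::example-data-bucket";
const bucketActions = ["s3:ListBucket", "s3:GetBucketNotification", "s3:PutBucketNotification"];
const objectActions = ["s3:GetObject", "s3:PutObject"];
const questionPolicy = [{ Effect: "Allow", Action: [...bucketActions, ...objectActions], Resource: [`${BUCKET}/*`, BUCKET] }];
const answerPolicy = [
  { Effect: "Allow", Action: bucketActions, Resource: BUCKET },
  { Effect: "Allow", Action: objectActions, Resource: `${BUCKET}/*` },
];
const mismatched = [{ Effect: "Allow", Action: "s3:GetObject", Resource: BUCKET }];
console.log(lintS3Statements(questionPolicy), lintS3Statements(answerPolicy), lintS3Statements(mismatched));
```

The combined statement from the question yields five `no-effect` findings (one unused ARN per action), the split statements yield none, and the `mismatched` case shows the pattern that does end in Access Denied.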