Reputation: 782
I want to add a string, created by a Lambda, to an existing text file in my S3 bucket.
When I use:
s3.Object('My_bucket', 'textfile.txt').put(Body=missingtagginginfo)
missingtagginginfo = my created variable
textfile.txt = text file that exists on the S3 bucket
I get the following error:
"errorMessage": "An error occurred (AccessDenied) when calling the PutObject operation: Access Denied",
"errorType": "ClientError",
I already gave the Lambda the s3fullAccess.
Does anybody know how I can fix this?
greets
Upvotes: 1
Views: 2635
Reputation: 666
Write in Your Bucket's Policy
{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "Allow-OAI-Access-To-Bucket",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::Your-Bucket-Name/*"
        }
    ]
}
Upvotes: 0
Reputation: 4963
Your policy must contain s3:PutObject in order to upload objects.
{
    "Effect": "Allow",
    "Action": [
        "s3:PutObject"
    ],
    "Resource": [
        "arn:aws:s3:::your-bucket/",
        "arn:aws:s3:::your-bucket/*"
    ]
}
Please don't add wildcard permissions (s3:*) or wildcard resources ("Resource": [ "*" ]) as these give huge potential for bugs and vulnerabilities. The AWS Policy Generator can help you with this.
Upvotes: 2
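Added example, not part of either answer or the asker's code: a simplified offline check of whether an identity policy's statements grant `s3:PutObject` on an object, plus a scan for the wildcard actions and resources the answer above warns about. The bucket name, both policies and all function names are constructed for illustration; `Condition`, `NotAction`/`NotResource`, bucket policies and other policy types are not evaluated.

```python
import re

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy, action, resource):
    """Simplified check: an explicit Deny wins, otherwise any matching Allow grants."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        hit = (any(_match(a, action, True) for a in _as_list(st["Action"]))
               and any(_match(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def wildcard_findings(policy):
    """Report Allow statements that use wildcard actions or resources."""
    out = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        if st["Effect"] != "Allow":
            continue
        if any(a.lower() in ("*", "s3:*") for a in _as_list(st["Action"])):
            out.append((i, "wildcard action"))
        if "*" in _as_list(st["Resource"]):
            out.append((i, "wildcard resource"))
    return out

# Constructed sample: a role policy that can list but not write.
BUCKET = "arn:aws:s3:::example-bucket"
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:ListBucketMultipartUploads", "s3:AbortMultipartUpload"],
     "Resource": [BUCKET, BUCKET + "/*"]},
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "*"},
]}
# Scoped fix: PutObject on this bucket's objects only.
FIXED_POLICY = {"Version": "2012-10-17", "Statement": ROLE_POLICY["Statement"] + [
    {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": [BUCKET + "/*"]},
]}

if __name__ == "__main__":
    for name, pol in (("before", ROLE_POLICY), ("after", FIXED_POLICY)):
        print(name, is_allowed(pol, "s3:PutObject", BUCKET + "/textfile.txt"), wildcard_findings(pol))
```

A result of `True` here only means the identity policy would permit the call; the real request can still be denied by a bucket policy, a permissions boundary or an organization-level policy.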
Reputation: 782
The IAM Policy looks like this:
    "Resource": "arn:aws:s3:::MYBUCKET/*"
},
{
    "Effect": "Allow",
    "Action": [
        "s3:ListBucketMultipartUploads",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
    ],
    "Resource": [
        "arn:aws:s3:::MYBUCKET/",
        "arn:aws:s3:::MYBUCKET/*"
    ]
},
{
    "Effect": "Allow",
    "Action": "s3:ListBucket",
    "Resource": "*"
}
Upvotes: 0