Lambda S3 权限在 s3-get-object 蓝图中被拒绝
Lambda S3 permission denied in s3-get-object blueprint
我正在尝试让 Lambda 使用 s3-get-object 蓝图从 S3 存储桶中读取文件以响应文件 post 事件。
即使存储桶具有完全 public 访问权限和完全权限:
{
"Version": "2012-10-17",
"Id": "Policy1468930000031",
"Statement": [
{
"Sid": "Stmt1468929998580",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::xlp-uploads/*"
}
]
}
并且 Lambda 角色具有完整的 S3 和 Lambda 访问权限,当 运行 示例代码时我仍然得到 Access Denied。
这是蓝图中的 Lambda 代码:
'use strict';
console.log('Loading function');
let aws = require('aws-sdk');
let s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = (event, context, callback) => {
//console.log('Received event:', JSON.stringify(event, null, 2));
// Get the object from the event and show its content type
const bucket = event.Records[0].s3.bucket.name;
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: bucket,
Key: key
};
s3.getObject(params, (err, data) => {
if (err) {
console.log(err);
const message = `Error getting object ${key} from bucket ${bucket}. Make sure they exist and your bucket is in the same region as this function.`;
console.log(message);
callback(message);
} else {
console.log('CONTENT TYPE:', data.ContentType);
callback(null, data.ContentType);
}
});
};
错误是:
{ [AccessDenied: Access Denied]
message: 'Access Denied',
code: 'AccessDenied',
region: null,
time: Tue Jul 19 2016 12:27:28 GMT+0000 (UTC),
我解决了这个问题。
我最初尝试 POST 使用 REST API 将文件传输到 S3,但文件最终在没有权限的存储桶中,并且没有继承存储桶的权限。
我切换到一个 POST 请求,该请求接受 ACL 参数并提供适当的文件权限。
我正在尝试让 Lambda 使用 s3-get-object 蓝图从 S3 存储桶中读取文件以响应文件 post 事件。
即使存储桶具有完全 public 访问权限和完全权限:
{
"Version": "2012-10-17",
"Id": "Policy1468930000031",
"Statement": [
{
"Sid": "Stmt1468929998580",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::xlp-uploads/*"
}
]
}
并且 Lambda 角色具有完整的 S3 和 Lambda 访问权限,当 运行 示例代码时我仍然得到 Access Denied。
这是蓝图中的 Lambda 代码:
'use strict';
console.log('Loading function');
let aws = require('aws-sdk');
let s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = (event, context, callback) => {
//console.log('Received event:', JSON.stringify(event, null, 2));
// Get the object from the event and show its content type
const bucket = event.Records[0].s3.bucket.name;
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: bucket,
Key: key
};
s3.getObject(params, (err, data) => {
if (err) {
console.log(err);
const message = `Error getting object ${key} from bucket ${bucket}. Make sure they exist and your bucket is in the same region as this function.`;
console.log(message);
callback(message);
} else {
console.log('CONTENT TYPE:', data.ContentType);
callback(null, data.ContentType);
}
});
};
错误是:
{ [AccessDenied: Access Denied]
message: 'Access Denied',
code: 'AccessDenied',
region: null,
time: Tue Jul 19 2016 12:27:28 GMT+0000 (UTC),
我解决了这个问题。
我最初尝试 POST 使用 REST API 将文件传输到 S3,但文件最终在没有权限的存储桶中,并且没有继承存储桶的权限。
我切换到一个 POST 请求,该请求接受 ACL 参数并提供适当的文件权限。