调用 ListObjects 操作时发生错误(AllAccessDisabled)
An error occurred (AllAccessDisabled) when calling the ListObjects operation
我可能遗漏了一些东西,可以用第二双眼睛来了解这些政策。
我的存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowS3Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::redacted:role/myrole"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::<my-bucket>",
"arn:aws:s3:::<my-bucket>/*"
]
}
]
}
我检查了对象权限,对于其中唯一的对象,我允许所有人进行读写访问,只是为了让这个功能起作用(但它仍然不起作用)。
这是我用来访问存储桶的 lambda 角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"dynamodb:GetItem",
"s3:ListBucket",
"dynamodb:Query",
"dynamodb:UpdateItem",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::<my-bucket>",
"arn:aws:s3:::<my-bucket>/*",
"arn:aws:dynamodb:us-east-1:dynamo:table/myTable"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"polly:SynthesizeSpeech",
"polly:StartSpeechSynthesisTask",
"s3:ListAllMyBuckets",
"polly:GetSpeechSynthesisTask"
],
"Resource": "*"
}
]
}
难道是我用lambda写的函数不对?这是它中断的部分:
s3 = boto3.resource('s3')
bucket = s3.Bucket('BUCKET_NAME')
key = postId + "_" + title + ".mp3"
objs = list(bucket.objects.filter(Prefix=key))
if len(objs) > 0 and objs[0].key == key:
print("Exists!")
boto3.client('s3').delete_object(Bucket='BUCKET_NAME', Key=key)
else:
print("Doesn't exist")
我尝试将 ListObject 添加为策略操作,但我认为它只与列表存储桶有关。我从另一个答案中提取了列表存储桶对象函数,因为我是 Python 的新手,但此时它似乎仍然可以工作。
编辑:这是我在 cloudwatch 中收到的确切错误
An error occurred (AllAccessDisabled) when calling the ListObjects
operation: All access to this object has been disabled: ClientError
Traceback (most recent call last):
File "/var/task/lambda_function.py", line 33, in lambda_handler
编辑 2:BUCKET_NAME 是一个环境变量。
关于你的 aws 角色,这给你访问权限?我有这个问题,而且是关于我的角色。
我错误地分配了环境变量。正确的语法是
s3 = boto3.resource('s3', 'us-east-1')
bucket_name = os.environ['BUCKET_NAME'] <<<< this variable
bucket = s3.Bucket(bucket_name) <<<<< into here
为您的 lambda 代码分配环境变量。
我可能遗漏了一些东西,可以用第二双眼睛来了解这些政策。
我的存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowS3Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::redacted:role/myrole"
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::<my-bucket>",
"arn:aws:s3:::<my-bucket>/*"
]
}
]
}
我检查了对象权限,对于其中唯一的对象,我允许所有人进行读写访问,只是为了让这个功能起作用(但它仍然不起作用)。
这是我用来访问存储桶的 lambda 角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"dynamodb:GetItem",
"s3:ListBucket",
"dynamodb:Query",
"dynamodb:UpdateItem",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::<my-bucket>",
"arn:aws:s3:::<my-bucket>/*",
"arn:aws:dynamodb:us-east-1:dynamo:table/myTable"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"polly:SynthesizeSpeech",
"polly:StartSpeechSynthesisTask",
"s3:ListAllMyBuckets",
"polly:GetSpeechSynthesisTask"
],
"Resource": "*"
}
]
}
难道是我用lambda写的函数不对?这是它中断的部分:
s3 = boto3.resource('s3')
bucket = s3.Bucket('BUCKET_NAME')
key = postId + "_" + title + ".mp3"
objs = list(bucket.objects.filter(Prefix=key))
if len(objs) > 0 and objs[0].key == key:
print("Exists!")
boto3.client('s3').delete_object(Bucket='BUCKET_NAME', Key=key)
else:
print("Doesn't exist")
我尝试将 ListObject 添加为策略操作,但我认为它只与列表存储桶有关。我从另一个答案中提取了列表存储桶对象函数,因为我是 Python 的新手,但此时它似乎仍然可以工作。
编辑:这是我在 cloudwatch 中收到的确切错误
An error occurred (AllAccessDisabled) when calling the ListObjects
operation: All access to this object has been disabled: ClientError
Traceback (most recent call last):
File "/var/task/lambda_function.py", line 33, in lambda_handler
编辑 2:BUCKET_NAME 是一个环境变量。
关于你的 aws 角色,这给你访问权限?我有这个问题,而且是关于我的角色。
我错误地分配了环境变量。正确的语法是
s3 = boto3.resource('s3', 'us-east-1')
bucket_name = os.environ['BUCKET_NAME'] <<<< this variable
bucket = s3.Bucket(bucket_name) <<<<< into here
为您的 lambda 代码分配环境变量。