0
我試圖讓文件在使用s3-get-object藍圖來響應文件post事件時讀取S3存儲桶中的文件。在s3-get-object藍圖中拒絕的Lambda S3權限
即使當桶中有充分的公共接入和全權限:
{
"Version": "2012-10-17",
"Id": "Policy1468930000031",
"Statement": [
{
"Sid": "Stmt1468929998580",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::xlp-uploads/*"
}
]
}
而且LAMBDA角色具有完全S3和Lambda訪問,我仍然在運行示例代碼時,你得到Access Denied。
這是LAMBDA代碼的藍圖:
'use strict';
console.log('Loading function');
let aws = require('aws-sdk');
let s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = (event, context, callback) => {
//console.log('Received event:', JSON.stringify(event, null, 2));
// Get the object from the event and show its content type
const bucket = event.Records[0].s3.bucket.name;
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: bucket,
Key: key
};
s3.getObject(params, (err, data) => {
if (err) {
console.log(err);
const message = `Error getting object ${key} from bucket ${bucket}. Make sure they exist and your bucket is in the same region as this function.`;
console.log(message);
callback(message);
} else {
console.log('CONTENT TYPE:', data.ContentType);
callback(null, data.ContentType);
}
});
};
和錯誤是:
{ [AccessDenied: Access Denied]
message: 'Access Denied',
code: 'AccessDenied',
region: null,
time: Tue Jul 19 2016 12:27:28 GMT+0000 (UTC),
試試這個答案,看看它是否適合你,你只需要替換lambda代碼中的一行。 http://stackoverflow.com/questions/35605622/access-denied-on-aws-lambda-function-when-getobject-from-s3-bucket/35608375#35608375 – error2007s