当S3存储桶中的getObject时,对AWS Lambda函数的访问被拒绝 [英] Access denied on aws lambda function when getObject from S3 bucket
问题描述
我将默认代码用于lambda函数:
I'm using the default code for a lambda function:
console.log('Loading function');
var aws = require('aws-sdk');
var s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = function(event, context) {
//console.log('Received event:', JSON.stringify(event, null, 2));
// Get the object from the event and show its content type
var bucket = event.Records[0].s3.bucket.name;
var key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
var params = {
Bucket: bucket,
Key: key
};
s3.getObject(params, function(err, data) {
if (err) {
console.log(err);
var message = "Error getting object " + key + " from bucket " + bucket +
". Make sure they exist and your bucket is in the same region as this function.";
console.log(message);
context.fail(message);
} else {
console.log('CONTENT TYPE:', data.ContentType);
context.succeed(data.ContentType);
}
});
};
但是我收到拒绝访问的错误:
However i get an access denied error:
2016-02-24T14:21:21.503Z kvyo1midvc2r69gm Loading function
START RequestId: baf9049b-db01-11e5-bc34-791df91353a9 Version: $LATEST
2016-02-24T14:21:22.500Z baf9049b-db01-11e5-bc34-791df91353a9 { [AccessDenied: Access Denied] message: 'Access Denied', code: 'AccessDenied', region: null, time: Wed Feb 24 2016 14:21:22 GMT+0000 (UTC), requestId: '215CD9BB4094E209', extendedRequestId: '0kDBEyMiJYbMApEqJuAtKct2SKLI7Z7tCBVyW6QJsYwMHROvtCEDynbGSsBdqbwFcX+YrSlGnsg=', statusCode: 403, retryable: false, retryDelay: 30 }
2016-02-24T14:21:22.539Z baf9049b-db01-11e5-bc34-791df91353a9 Error getting object {"originalFilename":"c12eaadf3d3b46d9b5ded6c078534c11","versions":[{"Size":1024,"Crop":null,"Max":false,"Rotate":0}]} from bucket xmovo.originalimages.develop. Make sure they exist and your bucket is in the same region as this function.
2016-02-24T14:21:22.539Z baf9049b-db01-11e5-bc34-791df91353a9
{
"errorMessage": "Error getting object {\"originalFilename\":\"c12eaadf3d3b46d9b5ded6c078534c11\",\"versions\":[{\"Size\":1024,\"Crop\":null,\"Max\":false,\"Rotate\":0}]} from bucket xmovo.originalimages.develop. Make sure they exist and your bucket is in the same region as this function."
}
END RequestId: baf9049b-db01-11e5-bc34-791df91353a9
REPORT RequestId: baf9049b-db01-11e5-bc34-791df91353a9 Duration: 723.44 ms Billed Duration: 800 ms Memory Size: 128 MB Max Memory Used: 34 MB
我的lambda函数和我的S3存储桶位于相同的"US Standart"和"us-east-1"区域中
My lambda function and my S3 bucket are in the same region 'US Standart' and 'us-east-1' which are the same
对于lambda函数,IAM许可是可以的,允许执行GetObject Action(由创建lambda函数的向导设置)
IAM permission are ok for lambda function, allowing to GetObject Action,(it is set with the wizard that create the lambda function)
通过所有检查,我不知道为什么我仍然会出现访问被拒绝"错误
with all that check i have no clue why i still getting the Access Denied Error
预先感谢
推荐答案
检查要使用的角色的IAM权限,也许在allow
权限之上有deny
权限.
Check the IAM permissions of the role you want to use, maybe there are deny
permissions above allow
permissions.
这篇关于当S3存储桶中的getObject时,对AWS Lambda函数的访问被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!