当S3存储桶中的getObject时，对AWS Lambda函数的访问被拒绝 [英] Access denied on aws lambda function when getObject from S3 bucket

问题描述

我将默认代码用于lambda函数:

I'm using the default code for a lambda function:

console.log('Loading function');

var aws = require('aws-sdk');
var s3 = new aws.S3({ apiVersion: '2006-03-01' });

exports.handler = function(event, context) {
    //console.log('Received event:', JSON.stringify(event, null, 2));

    // Get the object from the event and show its content type
    var bucket = event.Records[0].s3.bucket.name;
    var key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
    var params = {
        Bucket: bucket,
        Key: key
    };

    s3.getObject(params, function(err, data) {
        if (err) {
            console.log(err);
            var message = "Error getting object " + key + " from bucket " + bucket +
                ". Make sure they exist and your bucket is in the same region as this function.";
            console.log(message);
            context.fail(message);
        } else {
            console.log('CONTENT TYPE:', data.ContentType);
            context.succeed(data.ContentType);
        }
    });
};

但是我收到拒绝访问的错误:

However i get an access denied error:

2016-02-24T14:21:21.503Z    kvyo1midvc2r69gm    Loading function 
START RequestId: baf9049b-db01-11e5-bc34-791df91353a9 Version: $LATEST 
2016-02-24T14:21:22.500Z    baf9049b-db01-11e5-bc34-791df91353a9    { [AccessDenied: Access Denied] message: 'Access Denied', code: 'AccessDenied', region: null, time: Wed Feb 24 2016 14:21:22 GMT+0000 (UTC), requestId: '215CD9BB4094E209', extendedRequestId: '0kDBEyMiJYbMApEqJuAtKct2SKLI7Z7tCBVyW6QJsYwMHROvtCEDynbGSsBdqbwFcX+YrSlGnsg=', statusCode: 403, retryable: false, retryDelay: 30 } 
2016-02-24T14:21:22.539Z    baf9049b-db01-11e5-bc34-791df91353a9    Error getting object {"originalFilename":"c12eaadf3d3b46d9b5ded6c078534c11","versions":[{"Size":1024,"Crop":null,"Max":false,"Rotate":0}]} from bucket xmovo.originalimages.develop. Make sure they exist and your bucket is in the same region as this function. 
2016-02-24T14:21:22.539Z    baf9049b-db01-11e5-bc34-791df91353a9
{
    "errorMessage": "Error getting object {\"originalFilename\":\"c12eaadf3d3b46d9b5ded6c078534c11\",\"versions\":[{\"Size\":1024,\"Crop\":null,\"Max\":false,\"Rotate\":0}]} from bucket xmovo.originalimages.develop. Make sure they exist and your bucket is in the same region as this function."
}
END RequestId: baf9049b-db01-11e5-bc34-791df91353a9 
REPORT RequestId: baf9049b-db01-11e5-bc34-791df91353a9  Duration: 723.44 ms Billed Duration: 800 ms Memory Size: 128 MB Max Memory Used: 34 MB 

我的lambda函数和我的S3存储桶位于相同的"US Standart"和"us-east-1"区域中

My lambda function and my S3 bucket are in the same region 'US Standart' and 'us-east-1' which are the same

对于lambda函数，IAM许可是可以的，允许执行GetObject Action(由创建lambda函数的向导设置)

IAM permission are ok for lambda function, allowing to GetObject Action,(it is set with the wizard that create the lambda function)

通过所有检查，我不知道为什么我仍然会出现访问被拒绝"错误

with all that check i have no clue why i still getting the Access Denied Error

预先感谢

推荐答案

检查要使用的角色的IAM权限，也许在allow权限之上有deny权限.

Check the IAM permissions of the role you want to use, maybe there are deny permissions above allow permissions.

这篇关于当S3存储桶中的getObject时，对AWS Lambda函数的访问被拒绝的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！