I recently started using a Python script to encrypt data and upload it to S3 from an AWS lambda_handler function. From my local machine to S3 it works fine (note: all permissions are opened to everyone on the bucket side). When the same script is executed from the AWS lambda_handler (note: all permissions are opened to everyone on the bucket side), I get the following error.
{
"stackTrace": [
[
"/var/task/enc.py",
62,
"lambda_handler",
"up_key = up_bucket.new_key('enc.txt').set_contents_from_string(buf.readline(),replace=True,policy='public-read',encrypt_key=False)"
],
[
"/var/task/boto/s3/key.py",
1426,
"set_contents_from_string",
"encrypt_key=encrypt_key)"
],
[
"/var/task/boto/s3/key.py",
1293,
"set_contents_from_file",
"chunked_transfer=chunked_transfer, size=size)"
],
[
"/var/task/boto/s3/key.py",
750,
"send_file",
"chunked_transfer=chunked_transfer, size=size)"
],
[
"/var/task/boto/s3/key.py",
951,
"_send_file_internal",
"query_args=query_args"
],
[
"/var/task/boto/s3/connection.py",
668,
"make_request",
"retry_handler=retry_handler"
],
[
"/var/task/boto/connection.py",
1071,
"make_request",
"retry_handler=retry_handler)"
],
[
"/var/task/boto/connection.py",
940,
"_mexe",
"request.body, request.headers)"
],
[
"/var/task/boto/s3/key.py",
884,
"sender",
"response.status, response.reason, body)"
]
],
"errorType": "S3ResponseError",
"errorMessage": "S3ResponseError: 403 Forbidden\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4B09C24C4D79C147</RequestId><HostId>CzhDhtYDERh9E/e4tVHek35G3CEMh0qFifcnd06fKN/oyLHtj9bWg87zZOajBNQDfqIC2QrldsA=</HostId></Error>"
}
This is the script I am running:
import StringIO

import boto

# AESCipher is the asker's own class, defined elsewhere in enc.py (not shown here).


def lambda_handler(event, context):
    cipher = AESCipher(key='abcd')
    print "ready to connect S3"
    conn = boto.connect_s3()
    print "connected to download"
    bucket = conn.get_bucket('s3download')
    key = bucket.get_key("myinfo.json")
    s3file = key.get_contents_as_string()
    lencp = cipher.encrypt(s3file)
    buf = StringIO.StringIO(lencp)
    print lencp
    print "connected to upload"
    up_bucket = conn.get_bucket("s3upload")
    # readline() uploads only the ciphertext up to the first newline.
    # The canned ACL policy='public-read' makes S3 require s3:PutObjectAcl
    # on the caller's IAM role in addition to s3:PutObject.
    up_key = up_bucket.new_key('enc.txt').set_contents_from_string(
        buf.readline(), replace=True, policy='public-read')
    print "completed upload"
    return
Answer 0 (score: 1)
Solved. The problem was caused by policy='public-read'; after removing it I was able to perform the upload. Even with all S3 actions (i.e. PutObject, GetObject) enabled in the IAM role, the upload still did not work. A bucket policy had to be created for this specific role, and then the upload worked fine.
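Added example, not from the question or the answer above: a least-privilege IAM policy for the Lambda execution role, plus a simplified policy evaluator that shows why an upload sent with policy='public-read' is refused (a canned ACL additionally requires s3:PutObjectAcl) while a plain PutObject succeeds. The bucket names are the ones from the question; the evaluator ignores IAM conditions and bucket policies, so it models only the role side of the decision.

```python
import fnmatch

# Bucket names from the question; the policy below is illustrative.
DOWNLOAD_BUCKET = "s3download"
UPLOAD_BUCKET = "s3upload"


def lambda_role_policy(download_bucket=DOWNLOAD_BUCKET, upload_bucket=UPLOAD_BUCKET):
    """Least-privilege policy for the Lambda execution role: read the download
    bucket, write the upload bucket, nothing else. s3:PutObjectAcl is deliberately
    absent, so a canned ACL fails with 403 even though a plain PutObject succeeds."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::%s/*" % download_bucket},
            {"Effect": "Allow", "Action": "s3:PutObject",
             "Resource": "arn:aws:s3:::%s/*" % upload_bucket},
        ],
    }


def actions_for_upload(acl=None):
    """Actions an object upload needs: s3:PutObject, plus s3:PutObjectAcl when a
    canned ACL (boto's policy='public-read') is sent with the request."""
    actions = {"s3:PutObject"}
    if acl is not None:
        actions.add("s3:PutObjectAcl")
    return actions


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, any matching Allow grants,
    otherwise the default is deny. Conditions and bucket policies are ignored."""
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def upload_allowed(policy, bucket, key, acl=None):
    """True only if every action the upload needs is allowed on the object."""
    resource = "arn:aws:s3:::%s/%s" % (bucket, key)
    return all(is_allowed(policy, a, resource) for a in actions_for_upload(acl))
```

With this role policy, `upload_allowed(policy, "s3upload", "enc.txt")` is True while the same call with `acl="public-read"` is False, which is the behaviour the answer describes.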