We are trying to automate an S3 workflow by setting up a Lambda function that adds custom tags to it.
Our Lambda function fails with:
2019-11-04T11:32:40.057Z 41513606-8bdd-4c24-85c4-7773d213fc32 { AccessDenied: Access Denied
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/services/s3.js:585:35)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
message: 'Access Denied',
code: 'AccessDenied',
region: null,
time: 2019-11-04T11:32:40.056Z,
requestId: '8F7360D2A816BF54',
extendedRequestId: 'yGXP21UJARJfGq7uz/Pr8JZiX0flImx3e11PL398cFae+S79rWp5dH7G9m2zmYAVysbFQvBChiI=',
cfId: undefined,
statusCode: 403,
retryable: false,
retryDelay: 25.314823366706207 }
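We also see a notification in the user interface:
To enable replication of object tags, if the IAM policy used for cross-region replication was created before object tagging was introduced, you must update it.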
Answer 0 (score: 0)
We ran into this AccessDenied error.
We had to enable more policies for the IAM role:
"Action": [
"s3:PutObject",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetObjectTagging",
"s3:PutObjectTagging",
"s3:PutObjectAcl"
],
As you can see, there are specific policies for GetObjectTagging and PutObjectTagging.
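
An offline check for the gap described in this answer, as an added example that is not part of the original post: it reports which tagging actions a policy document fails to grant. The sample policies, the bucket name and the function names are constructed for illustration; Resource, Condition and NotAction elements are not evaluated.

```javascript
// Added example: check an IAM policy document for the S3 tagging actions
// named in the answer. Simplification: Resource, Condition and NotAction are ignored.
const REQUIRED = ['s3:GetObjectTagging', 's3:PutObjectTagging'];

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive and support * and ? wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$', 'i');
  return re.test(action);
}

// Returns the required actions the policy does not grant.
// An explicit Deny overrides any Allow, as in IAM policy evaluation.
function missingActions(policy, required = REQUIRED) {
  const statements = asArray(policy.Statement); // Statement may be an object or an array
  const hits = (effect, action) =>
    statements.some((s) => s.Effect === effect &&
      asArray(s.Action).some((p) => actionMatches(p, action)));
  return required.filter((a) => hits('Deny', a) || !hits('Allow', a));
}

// Constructed sample policies; example-bucket is a placeholder name.
const beforeFix = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: ['s3:GetObject', 's3:PutObject'],
    Resource: 'arn:aws:s3:::example-bucket/*' }],
};
const afterFix = {
  Version: '2012-10-17',
  Statement: { Effect: 'Allow',
    Action: ['s3:PutObject', 's3:GetObjectAcl', 's3:GetObject',
      's3:GetObjectTagging', 's3:PutObjectTagging', 's3:PutObjectAcl'],
    Resource: 'arn:aws:s3:::example-bucket/*' },
};

// s3:PutObject does not cover s3:PutObjectTagging, so the first policy reports both gaps.
console.log('before fix, missing:', missingActions(beforeFix));
console.log('after fix, missing: ', missingActions(afterFix));
```
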