Question

我试图调用一个lambda函数，它将一些消息推送到s3存储桶中。但是每次我调用lambda函数时，都会收到以下错误

 ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

下面是我的lambda代码

import json
import boto3

def lambda_handler(event, context):
s3 = boto3.client("s3")
#data = json.loads(event["Records"][0]["body"])
data = event["Records"][0]["body"]

s3.put_object(Bucket="sqsmybucket",Key="data.json", Body=json.dumps(data))
#print(event) 
return {
    'statusCode': 200,
    'body': json.dumps('Hello from Lambda!')     
}

我使用的用户帐户也具有访问S3

的角色

我已经检查了s3存储桶权限，并为此打开了所有公共访问权限

但是我反复在cloudwatch日志中遇到以下错误消息

2020-06-05T23:48:20.920+05:30

[ERROR] ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
Traceback (most recent call last):
 File "/var/task/lambda_function.py", line 9, in lambda_handler
  s3.put_object(Bucket="sqsmybucket",Key="data.json", Body=json.dumps(data))
 File "/var/runtime/botocore/client.py", line 316, in _api_call
 return self._make_api_call(operation_name, kwargs)
 File "/var/runtime/botocore/client.py", line 626, in _make_api_call
  raise error_class(parsed_response, operation_name)

请帮助我，我对此情况一无所知。谢谢。

Answer 1

请确保附加到lambda函数的角色具有s3:PutObject权限。

例如，所需的最小特权权限是

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::<bucket-name>/*"
    }
  ]
}

ClientError：调用PutObject操作时发生错误（AccessDenied）：访问被拒绝

1 个答案: