当用户将图像上传到我的存储桶时,我正在尝试调整图像大小。图像的推送通知正在运行。而lambda也在运行。但是我不能把对象放到s3桶中。它会出现Access Denied错误。
如果我的源存储桶为source-bucket且目的地为destination-bucket,则与我的lambda函数关联的角色策略如下:
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::destination-bucket",
"arn:aws:s3:::destination-bucket/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::source-bucket",
"arn:aws:s3:::source-bucket/*"
]
}
]
}
回复更新
原来我正在更新ACL并且没有添加ACL put权限。所以以下解决了我的问题:
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::destination-bucket",
"arn:aws:s3:::destination-bucket/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::source-bucket",
"arn:aws:s3:::source-bucket/*"
]
}
]
}