我想在S3上传项目时执行lambda函数。我的函数被调用但似乎存在访问错误。这是什么错误?
我已经定义了一个角色lambdas3
。它的可信实体是lambda。它有以下政策名为s3lambda
Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1509114309000",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::mybucketname"
]
},
{
"Sid": "Stmt1509114340000",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"arn:aws:logs:*:*:*"
]
}
]
}
这是lambda函数
var aws = require('aws-sdk');
var s3 = new aws.S3();
exports.handler = function(event,context){
var bucket = event.Records[0].s3.bucket.name;
var key = decodeURIComponent(
event.Records[0].s3.object.key.replace(/\+/g,''));
var params = {
Bucket:bucket,
Key:key
};
s3.getObject(params,function(err,data){
if(err){
console.log(err);
context.fail('Error getting object'+
key+' from bucket'+bucket);
}else{
context.succeed('hello '+data.Body);
}
});
};
该函数在执行期间需要lambdas3
个角色。
答案 0 :(得分:2)
您需要在GetObject策略中的资源S3 ARN上添加/ *。 S3:GetObject适用于S3的对象ARN。例如:
arn:aws:s3:::mybucketname/*
答案 1 :(得分:1)
如果要授予存储桶中所有对象的权限,则必须提供完全权限(' *'在资源中)。请在下面找到更新政策
Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1509114309000",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::mybucketname/*"
]
},
{
"Sid": "Stmt1509114340000",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"arn:aws:logs:*:*:*"
]
}
]
}