在我的CloudFormation模板中,我有一个lambda,其代码位于S3:
MyLambda:
Properties:
Code:
S3Bucket: bucket-name
S3Key: filename.zip
Handler: handler
MemorySize: !Ref 'LambdaMemorySize'
Role: arn:aws:iam::XXXXXXXXXXX:role/my-role
Runtime: python3.6
Timeout: !Ref 'LambdaTimeout'
Type: AWS::Lambda::Function
如果我从AWS控制台运行它,那么它可以正常工作。但是,当我从AWS CLI(或boto)运行它时,它不起作用,所以我想我的用户凭据中必须缺少一些可以阻止这种工作的东西。但是,我的IAM用户具有管理员权限:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
错误讯息:
Your access has been denied by S3, please make sure your request credentials have permission to GetObject for bucket-name/filename.zip.
S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: xxxxx)
答案 0 :(得分:0)
原来,这是由于成为正在进行IP白名单的小组的一部分 - 删除解决了这个问题。