我正在努力实现的以下目标。我有一个带有云前端策略和仅获取策略的s3存储桶。
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E*********R"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::s3-bucket-dev/*"
}
]
}
我试图从Lambda函数向s3添加触发器。但是当我添加事件通知时,我遇到了以下错误。
Error: Unable to validate the following destination configurations. Not
authorized to invoke the function.
Lambda角色具有管理员访问策略。