我想使用lambda在文件碰到s3-bucket的特定区域时发送自动电子邮件。当我将文件放在指定位置的存储桶中并尝试运行时,我在cloudwatch日志中收到以下错误:
[ERROR] ClientError: An error occurred (AccessDenied) when calling the SendEmail operation: User `arn:aws:sts::123456789012:assumed-role/my-bot-role-abcdefg/my-bot' is not authorized to perform `ses:SendEmail' on resource `arn:aws:ses:eu-west-1:123456789012:identity/my_address@gmail.com'
Traceback (most recent call last):
File "/var/task/lambda_function.py", line 44, in lambda_handler
Message = message )
File "/var/runtime/botocore/client.py", line 316, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/runtime/botocore/client.py", line 626, in _make_api_call
raise error_class(parsed_response, operation_name)
我已将以下权限写入json策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ses:SendEmail"
],
"Effect": "Allow",
"Resource": "arn:aws:ses:eu-west-1:123456789012:identity/*"
}
]
}
在我打算针对特定目的进行修改之前,我在lambda句柄中使用的代码的基础不是我自己的:
import json
import boto3
email_defaults = {
"port" : 465, # For SSL
"smtp_server" : "smtp.gmail.com",
"sender_email" : "my_sender_address@gmail.com", #replace as needed in testing
"receiver_email" : "my_reciever_address@gmail.co.uk" #replace as needed in testing
}
def lambda_handler(event, context):
for i in event["Records"]:
action = i["eventName"]
ip = i["requestParameters"]["sourceIPAddress"]
bucket_name = i["s3"]["bucket"]["name"]
object = i["s3"]["object"]["key"]
client = boto3.client("ses")
subject = str(action) + 'Event from ' + bucket_name
body = """
<br>
This email is to notify you regarding {} event.
The object {} has been uploaded.
Source IP: {}
""".format(action, object, ip)
message = {"Subject": {"Data": subject}, "Body": {"Html": {"Data": body}}}
response = client.send_email( Source = email_defaults["sender_email"],
Destination = {"ToAddresses": [email_defaults["receiver_email"]]},
Message = message )
return "Hello world"
任何有关我可能忽略的内容的指导都将不胜感激,但目前我很沮丧。