我正在尝试使用无服务器框架将图像上传到S3存储桶。部署后调用端点时,代码失败,并显示“访问被拒绝”错误。我在做什么错了?
使用“无服务器日志-f fileDownload”的错误:
www.hostname
serverless.yml:
curl
download.js的来源:
ERROR Unhandled Promise Rejection {"errorType":"Runtime.UnhandledPromiseRejection","errorMessage":"AccessDenied: Access Denied","reason":{"errorType":"AccessDenied","errorMessage":"Access Denied","code":"AccessDenied","message":"Access Denied","region":null,"time":"2020-05-08T14:06:11.767Z","requestId":"874D7C86A4C6BE45","extendedRequestId":"r8xyvcrK9su5c+slhX5L/uh4/Y/sdFnUgPcebHpSTNpbnf39EnAZJET750P8t0iXy8UR81SiYZc=","statusCode":403,"retryable":false,"retryDelay":17.606445772028543,"stack":
["AccessDenied: Access Denied"
," at Request.extractError (/var/task/node_modules/aws-sdk/lib/services/s3.js:835:35)"
," at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)"
," at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)"
," at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:683:14)"
," at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)"
," at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)"
," at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10"
," at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)"
," at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:685:12)"
," at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:116:18)"
]}
,"promise":{},"stack":
["Runtime.UnhandledPromiseRejection: AccessDenied: Access Denied"
," at process.<anonymous> (/var/runtime/index.js:35:15)"
," at process.emit (events.js:310:20)"
," at process.EventEmitter.emit (domain.js:482:12)"
," at processPromiseRejections (internal/process/promises.js:209:33)"
," at processTicksAndRejections (internal/process/task_queues.js:98:32)"]}
任何帮助将不胜感激。似乎我不允许发布问题,直到有更多文本而不只是代码为止。
答案 0 :(得分:1)
要上传到存储桶,我只是使用这种方式:
iamRoleStatements:
- Effect: Allow
Action:
- s3:PutObject
Resource: "arn:aws:s3:::my-bucket/*"
我看到您正在使用两个- Effect: Allow
,也许是问题所在。尝试只使用一个。或者,您可以尝试使用先上传的效果,仅用于测试:
iamRoleStatements:
- Effect: 'Allow'
Action:
- 's3:PutObject'
- 's3:GetObject'
Resource: "arn:aws:s3:::*/*"
- Effect: 'Allow'
Action:
- 's3:ListBucket'
Resource: "arn:aws:s3:::*"
我假设您的用户权限已启用。如果没有,那是肯定的。启用对AWS IAM的权限。
答案 1 :(得分:0)
我也有类似的疑问,结果发现我在Lambda角色上缺少s3:PutObjectTagging
特权。我的Node.js应用在上传时正在添加标签,以下是我传递给S3.put()
的参数,
const uploadParams = {
Bucket: chunk.bucketName,
Key: chunk.filePath,
Tagging: 'created_by=MY-TAG',
Body: passThrough
}
有趣的是,当我从本地运行代码时,它上传正常,只有在云环境中运行Node.js时才抱怨。有关详细信息,请查看我的回复here。