无服务器s3上传访问被拒绝

时间:2020-05-08 14:17:16

标签: amazon-s3 serverless-framework serverless access-denied

我正在尝试使用无服务器框架将图像上传到S3存储桶。部署后调用端点时,代码失败,并显示“访问被拒绝”错误。我在做什么错了?

使用“无服务器日志-f fileDownload”的错误:

www.hostname

serverless.yml:

curl

download.js的来源:

ERROR   Unhandled Promise Rejection     {"errorType":"Runtime.UnhandledPromiseRejection","errorMessage":"AccessDenied: Access Denied","reason":{"errorType":"AccessDenied","errorMessage":"Access Denied","code":"AccessDenied","message":"Access Denied","region":null,"time":"2020-05-08T14:06:11.767Z","requestId":"874D7C86A4C6BE45","extendedRequestId":"r8xyvcrK9su5c+slhX5L/uh4/Y/sdFnUgPcebHpSTNpbnf39EnAZJET750P8t0iXy8UR81SiYZc=","statusCode":403,"retryable":false,"retryDelay":17.606445772028543,"stack":
["AccessDenied: Access Denied"
,"    at Request.extractError (/var/task/node_modules/aws-sdk/lib/services/s3.js:835:35)"
,"    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)"
,"    at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)"
,"    at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:683:14)"
,"    at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)"
,"    at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)"
,"    at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10"
,"    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)"
,"    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:685:12)"
,"    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:116:18)"
]}
,"promise":{},"stack":
["Runtime.UnhandledPromiseRejection: AccessDenied: Access Denied"
,"    at process.<anonymous> (/var/runtime/index.js:35:15)"
,"    at process.emit (events.js:310:20)"
,"    at process.EventEmitter.emit (domain.js:482:12)"
,"    at processPromiseRejections (internal/process/promises.js:209:33)"
,"    at processTicksAndRejections (internal/process/task_queues.js:98:32)"]}

任何帮助将不胜感激。似乎我不允许发布问题,直到有更多文本而不只是代码为止。

2 个答案:

答案 0 :(得分:1)

要上传到存储桶,我只是使用这种方式:

iamRoleStatements:
    - Effect: Allow
      Action:
        - s3:PutObject
      Resource: "arn:aws:s3:::my-bucket/*"

我看到您正在使用两个- Effect: Allow,也许是问题所在。尝试只使用一个。或者,您可以尝试使用先上传的效果,仅用于测试:

 iamRoleStatements:
    - Effect: 'Allow'
      Action:
        - 's3:PutObject'
        - 's3:GetObject'
      Resource: "arn:aws:s3:::*/*"
    - Effect: 'Allow'
      Action:
        - 's3:ListBucket'
      Resource: "arn:aws:s3:::*"

我假设您的用户权限已启用。如果没有,那是肯定的。启用对AWS IAM的权限。

答案 1 :(得分:0)

我也有类似的疑问,结果发现我在Lambda角色上缺少s3:PutObjectTagging特权。我的Node.js应用在上传时正在添加标签,以下是我传递给S3.put()的参数,

const uploadParams = {
          Bucket: chunk.bucketName,
          Key: chunk.filePath,
          Tagging: 'created_by=MY-TAG',
          Body: passThrough
        }

有趣的是,当我从本地运行代码时,它上传正常,只有在云环境中运行Node.js时才抱怨。有关详细信息,请查看我的回复here

相关问题
最新问题