[英]AWS Lambda can't delete Amazon S3 object
I'm trying to create an AWS Lambda function, which processes a file uploaded to the first bucket, then saves it to the second bucket and then deletes the input file. 我正在尝试创建一个AWS Lambda函数,该函数处理上传到第一个存储桶的文件,然后将其保存到第二个存储桶,然后删除输入文件。
The problem is that when I'm trying to delete the file I'm getting 问题是,当我试图删除我正在获取的文件时
{
"message": "Access Denied",
"code": "AccessDenied",
"time": "2015-02-09T22:08:45.926Z",
"statusCode": 403,
"retryable": false,
"retryDelay": 30
}
The code snippet, which tries to delete the file is 试图删除文件的代码片段是
s3.deleteObject({
Bucket: inputBucket,
Key: inputKey
}, function(a, b) {
if (a) {
console.error("Error on delete");
console.error(a);
} else {
console.log("Deleted successfully");
}
});
The possible reason why lambda wasn't able to delete the file ( S3 object ) could be due to the Lambda's Execution Role. lambda无法删除文件(S3对象)的可能原因可能是Lambda的执行角色。
Steps to solve this 解决这个问题的步骤
{
"Statement": [
{
"Sid": "Stmt1423535846414",
"Action": [
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
}
]
}
I had trouble with weird characters and spaces within inputKey. 我在inputKey中遇到了奇怪的字符和空格。 Try with a simple name. 尝试使用简单的名称。
Go to IAM -> Roles -> <assigned-role-name> -> Permissions -> <policy-name>
转到IAM -> Roles -> <assigned-role-name> -> Permissions -> <policy-name>
Make sure your policy has the following: 确保您的政策具有以下内容:
{
"Statement": [
{
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::<my-bucket>",
"arn:aws:s3:::<my-bucket>/*"
],
"Effect": "Allow"
}
]
}
Note: arn:aws:s3:::<my-bucket>
is for accessing my-bucket
whereas arn:aws:s3:::<my-bucket>/*
is for accessing all objects under my-bucket
. 注意: arn:aws:s3:::<my-bucket>
用于访问my-bucket
而arn:aws:s3:::<my-bucket>/*
用于访问my-bucket
下的所有对象。 They are similar but not the same. 它们相似但不一样。 They need to be both present to ensure lambda has full S3 access 它们必须同时存在以确保lambda具有完全的S3访问权限
Hope this helps 希望这可以帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.