[英]Copying S3 bucket file to secondary bucket?
Issue: My access is being denied when I run the following AWS Lambda code: 问题:运行以下AWS Lambda代码时,我的访问被拒绝:
require 'json'
require "aws-sdk-s3"
def lambda_handler(event:, context:)
client = Aws::S3::Client.new(region: 'us-east-2')
record = event["Records"][0]
key = record.dig *%w(s3 object key)
client.copy_object({
bucket: "bucket-name",
copy_source: "#{key}",
key: "#{key}",
})
end
Error: 错误:
"errorType": "Function<Aws::S3::Errors::AccessDenied>",
My IAM role: 我的IAM角色:
AmazonS3FullAccess
: AWS managed policy AmazonS3FullAccess
:AWS托管策略
AWSLambdaBasicExecutionRole-e41b74ba-3cef-4470-8f1c-3f900591016c
: Managed policy AWSLambdaBasicExecutionRole-e41b74ba-3cef-4470-8f1c-3f900591016c
:托管策略
AWSConfigRulesExecutionRole
Shouldn't this be good to go? 这不是很好吗?
The purpose of the lambda is to take files uploaded to the bucket and copy them over to another bucket. lambda的目的是将上传到存储桶的文件复制到另一个存储桶。
Since the code is run in AWS Lambda, your IAM role permissions have no impact on the code execution. 由于代码在AWS Lambda中运行,因此您的IAM角色权限对代码执行没有影响。 Instead Lambda execution role needs to have the S3 permission in this case.
相反,在这种情况下,Lambda执行角色需要具有S3权限。
You need to create a new role with required permissions and update Lambda execution role to the newly created role. 您需要创建具有所需权限的新角色,并将Lambda执行角色更新为新创建的角色。
require 'json'
require "aws-sdk-s3"
def lambda_handler(event:, context:)
client = Aws::S3::Client.new(region: 'us-east-2')
record = event["Records"][0]
key = record.dig *%w(s3 object key)
client.copy_object({
bucket: "bucket-name",
copy_source: "#{key}",
key: "#{key}",
})
end
Needs to be: 需要是:
require 'json'
require "aws-sdk-s3"
def lambda_handler(event:, context:)
client = Aws::S3::Client.new(region: 'us-east-2')
record = event["Records"][0]
key = record.dig *%w(s3 object key)
client.copy_object({
bucket: "bucket-name",
copy_source: "/bucketname/#{key}",
key: "#{key}",
})
end
Must specify the source which is the bucket-name/file-name 必须指定作为bucket-name / file-name的源
The copy_object()
command requires: copy_object()
命令需要:
Your code is only referencing one bucket name and is using the same Key. 您的代码仅引用一个存储桶名称并使用相同的密钥。
The documentation shows: 该文档显示:
resp = client.copy_object({
bucket: "destinationbucket",
copy_source: "/sourcebucket/HappyFace.jpg",
key: "HappyFaceCopyjpg",
})
You'll notice that copy_source
includes the source bucket name. 您会注意到
copy_source
包含源存储桶名称。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.