[英]Access Denied Error 500 Deleting Object in S3 Bucket from Lambda function using NodeJS and Postman
I need to delete an object in S3 from a Lambda function.我需要从 Lambda function 中删除 S3 中的 object。 I have tried everything, and this is driving me crazy, please help!我已经尝试了一切,这让我发疯,请帮助!
I have a lambda function associated with an API GATEWAY from AWS.我有一个 lambda function 与来自 AWS 的 API GATEWAY 关联。 When I make the request in Postman, I receive an Access Denied message with a 500 internal server error code.当我在 Postman 中发出请求时,我收到一条带有 500 内部服务器错误代码的拒绝访问消息。 The CloudWatch logs don't show additional info. CloudWatch 日志不显示其他信息。
When I use the AWS CLI, i can delete the object succesfully using this command:当我使用 AWS CLI 时,我可以使用以下命令成功删除 object:
aws s3api delete-object --bucket <<My-Bucket>> --key <<My-Key>>
Additionally, I can upload files to S3 with another request in Postman, without any problem.此外,我可以使用 Postman 中的另一个请求将文件上传到 S3,没有任何问题。
But when I use the code uploaded to Lambda, it doesn't work.但是当我使用上传到Lambda的代码时,它不起作用。 I am using AWS SDK v3, but I have already tried with older versions.我正在使用 AWS SDK v3,但我已经尝试过使用旧版本。 The relevant code is the following:相关代码如下:
const {S3Client, DeleteObjectCommand} = require("@aws-sdk/client-s3");
const client = new S3Client({region: process.env.AWS_REGION});
const command = new DeleteObjectCommand({
Bucket: process.env.BUCKET_NAME, Key: `posts/${familyId}/${magazineId}/${postId}`
});
await client.send(command);
My IAM user has S3 Full Access.我的 IAM 用户拥有 S3 完全访问权限。 IAM user permissions IAM 用户权限
The bucket owner is this IAM user.存储桶拥有者就是这个 IAM 用户。 The policy of my S3 bucket is the following:我的 S3 存储桶的策略如下:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<<My-account-id>>:user/<<My-username>>"
},
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::<<My-bucket>>"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<<My-account-id>>:user/<<My-username>>"
},
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::<<My-bucket>>/*"
}
]
}
I tried unblocking public access, but the problem remains.我尝试取消阻止公共访问,但问题仍然存在。 The command:命令:
aws configure list
Shows me the access key, secret key and region that I expect.显示我期望的访问密钥、密钥和区域。 Any idea would be highly appreciated, thank you!!任何想法将不胜感激,谢谢!
Answering myself as I found the solution:当我找到解决方案时回答自己:
I am using AWS SAM to deploy the lambda functions (infrastructure as code).我正在使用 AWS SAM 部署 lambda 功能(基础设施即代码)。 I was missing the permissions needed in template.yml.我缺少 template.yml 中所需的权限。 Added this policy to the lambda function in template.yml and it worked.将此策略添加到 template.yml 中的 lambda function 并且它有效。
MyFunction:
Type: AWS::Serverless::Function
Properties:
Policies:
- S3CrudPolicy:
BucketName: !Ref BucketName
Check these docs to troubleshoot additional access denied errors: https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/查看这些文档以解决其他访问被拒绝错误: https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/
Hope it helps!希望能帮助到你!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.