
Access Denied Error 500 Deleting Object in S3 Bucket from Lambda function using NodeJS and Postman

I need to delete an object in S3 from a Lambda function. I have tried everything, and this is driving me crazy, please help!

I have a lambda function associated with an API GATEWAY from AWS. When I make the request in Postman, I receive an Access Denied message with a 500 internal server error code. The CloudWatch logs don't show additional info.

Postman response

When I use the AWS CLI, I can delete the object successfully using this command:

aws s3api delete-object --bucket <<My-Bucket>> --key <<My-Key>>

Additionally, I can upload files to S3 with another request in Postman, without any problem.

But when I use the code uploaded to Lambda, it doesn't work. I am using AWS SDK v3, but I have already tried with older versions. The relevant code is the following:

const { S3Client, DeleteObjectCommand } = require("@aws-sdk/client-s3");
const client = new S3Client({ region: process.env.AWS_REGION });

// Assumed here: familyId, magazineId and postId arrive as API Gateway path parameters
exports.handler = async (event) => {
    const { familyId, magazineId, postId } = event.pathParameters;
    const command = new DeleteObjectCommand({
        Bucket: process.env.BUCKET_NAME,
        Key: `posts/${familyId}/${magazineId}/${postId}`,
    });
    await client.send(command);
    return { statusCode: 204 };
};

My IAM user has S3 Full Access.

IAM user permissions

The bucket owner is this IAM user. The policy of my S3 bucket is the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<<My-account-id>>:user/<<My-username>>"
            },
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::<<My-bucket>>"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<<My-account-id>>:user/<<My-username>>"
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::<<My-bucket>>/*"
        }
    ]
}

I tried unblocking public access, but the problem remains. The command:

aws configure list

shows me the access key, secret key and region that I expect. Any idea would be highly appreciated, thank you!!

Answering myself as I found the solution:

I am using AWS SAM to deploy the lambda functions (infrastructure as code). I was missing the permissions needed in template.yml. Added this policy to the lambda function in template.yml and it worked.

MyFunction:
    Type: AWS::Serverless::Function
    Properties:
        Policies:
            - S3CrudPolicy:
                BucketName: !Ref BucketName

Check these docs to troubleshoot additional access denied errors: https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/

Hope it helps!
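Added example, not part of the original answer: the function runs under its Lambda execution role, not under the IAM user named in the bucket policy (which is why the CLI worked and the Lambda did not), so the grant has to live on that role. S3CrudPolicy gives the role Get, Put, Delete and List on the whole bucket; this SAM fragment grants only the one action the handler performs, scoped to the posts/ prefix. Resource names (DeletePostFunction, BucketName parameter, nodejs18.x runtime) are assumptions.

```yaml
Parameters:
  BucketName:
    Type: String

Resources:
  DeletePostFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs18.x
      Environment:
        Variables:
          BUCKET_NAME: !Ref BucketName
      Policies:
        # Inline least-privilege statement on the execution role instead of the
        # broad S3CrudPolicy template: the role may only delete objects that sit
        # under the posts/ prefix of this one bucket, nothing else.
        - Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - s3:DeleteObject
              Resource: !Sub "arn:aws:s3:::${BucketName}/posts/*"
```

After deploying, `sam logs` or CloudWatch will show AccessDenied only if the key falls outside the posts/ prefix, which is a quick way to confirm the scoping works.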
