[英]Unable to upload the objects into AWS S3 bucket using NodeJS…getting Access Denied 403
尝试使用 NodeJS 程序将对象上传到 AWS S3 时出现以下错误。
2020-07-24T15:04:45.744Z 91aaad14-c00a-12c4-89f6-4c59fee047a1 INFO uploading to S3
2020-07-24T15:04:47.383Z 91aaad14-c00a-12c4-89f6-4c59fee047a1 INFO Bucket has been created already
2020-07-24T15:04:47.714Z 91aaad14-c00a-12c4-89f6-4c59fee047a1 INFO AccessDenied: Access Denied
at Request.extractError (/opt/nodejs/node_modules/aws-sdk/lib/services/s3.js:831:35)
at Request.callListeners (/opt/nodejs/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/opt/nodejs/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/opt/nodejs/node_modules/aws-sdk/lib/request.js:688:14)
at Request.transition (/opt/nodejs/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/opt/nodejs/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /opt/nodejs/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/opt/nodejs/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/opt/nodejs/node_modules/aws-sdk/lib/request.js:690:12)
at Request.callListeners (/opt/nodejs/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
code: 'AccessDenied',
region: null,
time: 2020-07-24T15:04:47.713Z,
requestId: '3FB484FAC50110BF',
这是我在 NodeJS 中的 S3 存储桶创建和上传代码(connect.ts):-
import * as AWS from 'aws-sdk';
export class S3Client {
protected client: AWS.S3
constructor(accessKeyId: string, secretAccessKey: string) {
this.client = new AWS.S3( { accessKeyId, secretAccessKey } )
}
public uploadToS3(bucketName: string, folderName: string, subFolderName: string,
anotherSubFolderName: string, region: string, FILE_NAME: string, contents: any) {
console.log('uploading to S3');
let params: AWS.S3.Types.PutObjectRequest = {
Bucket: bucketName,
Key: `${folderName}/${subFolderName}/${anotherSubFolderName}/${FILE_NAME}`,
Body: contents,
ContentType: 'application/json; charset=utf-8',
ACL: 'public-read',
CacheControl: 'max-age=60'
}
return new Promise((resolve, reject) => {
this.client.createBucket({Bucket: bucketName}, (error, data) => {
if (error && error.statusCode == 409){
console.log("Bucket has been created already");
}else{
console.log('Bucket Created Successfully');
}
this.client.putObject(params, (error, data) => {
if (error) {
return reject(error);
}
console.log("Successfully uploaded data to " + bucketName);
return resolve(data);
});
})
})
};
}
我正在使用 SAM(无服务器应用程序模型)模板编写 Lambda function。 我创建了一个具有 CLI 凭证(访问/秘密访问密钥)的 IAM 用户,该用户具有对 S3 存储桶的完全访问权限。 我的 Lambda function 运行良好,但是当我尝试上传 object 时,它会因访问被拒绝错误而失败。 我添加了 console.log() 以查看在尝试创建 S3 客户端 object 时是否能够从环境变量中读取访问/秘密访问密钥,如下所示:-
index.ts:-
import { S3Client } from './s3/connect';
const s3Client = new S3Client(
process.env.ACCESS_KEY_ID,
process.env.SECRET_ACCESS_KEY
)
const res = await s3Client.uploadToS3(bucketName, folderName, subFolderName,
anotherSubFolderName, region, FILE_NAME, JSON.stringify({ hello: 'world' }));
请协助就我的以下查询提供建议:-
如何确保我使用的是正确的 AWS 账户? 因为虽然它说,已经创建了存储桶,但是当我登录到 AWS 控制台时,我没有看到任何存储桶。 由于存储桶是全局的,所以我看不到给定列表中的任何存储桶。 因此,不确定是否在正确的 AWS 账户中创建了存储桶。
如果一切都正确,那么您能否建议我何时应该进一步检查以调试此访问被拒绝问题?
谢谢
您正在将该区域传递给您的 function,但实际上并没有在 PutObjectRequest 或创建 s3client 时设置它。
即,通用 s3 object:
const credentials = { accessKeyId: process.env.AWS_S3_ACCESS_KEY, secretAccessKey: process.env.AWS_S3_SECRET }
const s3 = new AWS.S3({ region: 'eu-west-1', credentials, useArnRegion: true })
编辑.. 我认为存储桶默认为 us-west-1 所以也许在 s3 中查找您帐户中的该区域?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.