Amazon S3: An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied
While running Python code in AWS Lambda, I ran into this error when using boto3's copy_object method.
AWS Lambda code
import json
import boto3

def lambda_handler(event, context):
    some_binary_data = b'Here we have some data'
    client = boto3.client("s3")

    # Upload - Working
    client.put_object(Body=some_binary_data, Bucket='test', Key="upload/binary_1.txt")

    # Copy - Working
    s3 = boto3.resource('s3')
    copy_source = {
        'Bucket': 'test',
        'Key': 'upload/binary_1.txt'
    }
    s3.meta.client.copy(copy_source, 'test', 'upload/binary_1_copied.txt')

    # Copy - NOT WORKING
    # Access Denied even after adding GetObjectTagging and PutObjectTagging permissions in the policy
    client.copy_object(Bucket="test", CopySource="upload/binary_1.txt", Key="upload/binary_1_copied.txt")

    # Delete - Working
    client.delete_object(Bucket="test", Key="upload/binary_1.txt")

    return {
        'statusCode': 200,
        'body': json.dumps('Hello from Lambda!')
    }
I am using this policy (as JSON) for the role assigned to the Lambda function
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ReplicateObject",
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:ListBucket",
                "s3:PutObjectTagging",
                "s3:DeleteObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::test/*",
                "arn:aws:s3:::test"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}
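Note - the S3 bucket currently contains the upload/binary_1.txt file.

If "test" is the actual bucket name, you can't use it. Bucket names must be unique across all AWS accounts and regions. From:
Amazon S3 bucket names are globally unique, and the namespace is shared by all AWS accounts. This means that after a bucket is created, the name of that bucket cannot be used by another AWS account in any AWS Region until the bucket is deleted.
So, since the "test" bucket belongs to someone else, your access is denied. You must make sure that your bucket name is unique and not used by anyone else.

I guess "test" is not the actual name of your bucket?
Yes, "test" is the actual name of my S3 bucket.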
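
One more thing worth checking for this error, as an added example that is not part of the original question, answer or comments: boto3 documents the string form of CopySource as bucket/key, so this local check resolves which bucket and key a CopySource value names and whether the question's role policy grants s3:GetObject on it. The helper names are hypothetical and the policy matcher is a simplification (Allow statements only, fnmatch wildcards, no Deny or Condition handling).

```python
from fnmatch import fnmatchcase

# Role policy from the question, reduced to the statement that covers objects.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ReplicateObject", "s3:PutObject", "s3:GetObject",
                   "s3:GetObjectTagging", "s3:ListBucket", "s3:PutObjectTagging",
                   "s3:DeleteObject", "s3:PutObjectAcl"],
        "Resource": ["arn:aws:s3:::test/*", "arn:aws:s3:::test"],
    }],
}

def resolve_copy_source(copy_source):
    """Return (bucket, key) named by a CopySource dict or 'bucket/key' string."""
    if isinstance(copy_source, dict):
        return copy_source["Bucket"], copy_source["Key"]
    path = copy_source.split("?versionId=", 1)[0].lstrip("/")
    bucket, sep, key = path.partition("/")  # first path segment is the bucket
    if not sep or not key:
        raise ValueError(f"CopySource {copy_source!r} is not bucket/key")
    return bucket, key

def as_list(value):
    return value if isinstance(value, list) else [value]

def policy_allows(policy, action, arn):
    """Simplified check: some Allow statement matches both action and resource."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if any(fnmatchcase(action, a) for a in as_list(stmt["Action"])) and \
           any(fnmatchcase(arn, r) for r in as_list(stmt["Resource"])):
            return True
    return False

def can_read_source(policy, copy_source):
    """Return (source object ARN, whether s3:GetObject is allowed on it)."""
    bucket, key = resolve_copy_source(copy_source)
    arn = f"arn:aws:s3:::{bucket}/{key}"
    return arn, policy_allows(policy, "s3:GetObject", arn)

if __name__ == "__main__":
    for src in ("upload/binary_1.txt",          # string from the failing call
                "test/upload/binary_1.txt",     # bucket/key string form
                {"Bucket": "test", "Key": "upload/binary_1.txt"}):  # dict form
        print(src, "->", can_read_source(POLICY, src))
```

The string used in the failing copy_object call resolves to a bucket named upload, which the policy's Resource list does not cover, while the dict passed to the working copy call resolves to test.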