Amazon web services 无服务器-无法从S3读取文件
我有两个Lambda函数是用NodeJS和无服务器框架编写的 这些函数的IAM角色允许放置和获取对象:Amazon web services 无服务器-无法从S3读取文件,amazon-web-services,amazon-s3,permissions,aws-lambda,serverless-framework,Amazon Web Services,Amazon S3,Permissions,Aws Lambda,Serverless Framework,我有两个Lambda函数是用NodeJS和无服务器框架编写的 这些函数的IAM角色允许放置和获取对象: iamRoleStatements: - Effect: "Allow" Action: - "s3:ListBucket" - "s3:GetObject" - "s3:PutObject" - "s3:GetBucketNotification" - "s3:PutBucketNotific
iamRoleStatements:
- Effect: "Allow"
Action:
- "s3:ListBucket"
- "s3:GetObject"
- "s3:PutObject"
- "s3:GetBucketNotification"
- "s3:PutBucketNotification"
Resource:
- Fn::Join: [
"", [
"arn:aws:s3:::",
{
"Ref": "DataBucket"
},
"/*"
]
]
- Fn::Join: [
"", [
"arn:aws:s3:::",
{
"Ref": "DataBucket"
},
]
]
一个函数将文件放入S3并正常工作,下一个函数通过S3事件调用,由于访问被拒绝而无法读取此文件
在我更改dataBucketName资源名称之前,它一直正常工作:
resources:
Resources:
DataBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.dataBucketName}
有人能告诉我问题可能在哪里以及如何开始调试吗?这不是解决问题的方法,而是简化和纠正IAM角色的小问题:
iamRoleStatements:
- Effect: Allow
Action:
- s3:ListBucket
- s3:GetBucketNotification
- s3:PutBucketNotification
Resource: arn:aws:s3:::${self:custom.dataBucketName}
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
Resource: arn:aws:s3:::${self:custom.dataBucketName}/*
仅供参考,避免使用复杂的多行Fn::Join语句,只使用arn:aws:s3::${self:custom.dataBucketName}会更简单/*