Amazon web services 无服务器-无法从S3读取文件_Amazon Web Services_Amazon S3_Permissions_Aws Lambda_Serverless Framework

Amazon web services 无服务器-无法从S3读取文件

amazon-web-services amazon-s3 permissions aws-lambda

Amazon web services 无服务器-无法从S3读取文件,amazon-web-services,amazon-s3,permissions,aws-lambda,serverless-framework,Amazon Web Services,Amazon S3,Permissions,Aws Lambda,Serverless Framework,我有两个Lambda函数是用NodeJS和无服务器框架编写的这些函数的IAM角色允许放置和获取对象： iamRoleStatements: - Effect: "Allow" Action: - "s3:ListBucket" - "s3:GetObject" - "s3:PutObject" - "s3:GetBucketNotification" - "s3:PutBucketNotific

我有两个Lambda函数是用NodeJS和无服务器框架编写的这些函数的IAM角色允许放置和获取对象：

iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:ListBucket"
        - "s3:GetObject"
        - "s3:PutObject"
        - "s3:GetBucketNotification"
        - "s3:PutBucketNotification"
      Resource:
        - Fn::Join: [
            "", [
              "arn:aws:s3:::",
              {
                "Ref": "DataBucket"
              },
              "/*"
            ]
          ]
        - Fn::Join: [
            "", [
              "arn:aws:s3:::",
              {
                "Ref": "DataBucket"
              },
            ]
          ]

一个函数将文件放入S3并正常工作，下一个函数通过S3事件调用，由于访问被拒绝而无法读取此文件

在我更改dataBucketName资源名称之前，它一直正常工作：

resources:
  Resources:
    DataBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: ${self:custom.dataBucketName}

有人能告诉我问题可能在哪里以及如何开始调试吗？

这不是解决问题的方法，而是简化和纠正IAM角色的小问题：

iamRoleStatements:
- Effect: Allow
  Action:
  - s3:ListBucket
  - s3:GetBucketNotification
  - s3:PutBucketNotification
  Resource: arn:aws:s3:::${self:custom.dataBucketName}
- Effect: Allow
  Action:
  - s3:GetObject
  - s3:PutObject
  Resource: arn:aws:s3:::${self:custom.dataBucketName}/*

仅供参考，避免使用复杂的多行Fn:：Join语句，只使用arn:aws:s3:：${self:custom.dataBucketName}会更简单/*