Need help getting started copying an object from one S3 bucket to another S3 bucket via an AWS Lambda function

0

I am trying this way

import logging
from urllib import parse
import boto3
import os
import traceback
from botocore.exceptions import ClientError

logger = logging.getLogger(__name__)
logger.setLevel("INFO")

aws_region = os.environ['AWS_REGION']

# Create the S3 client and resource once, outside the handler, so warm invocations reuse them
session = boto3.Session(region_name=aws_region)
s3_client = session.client('s3')
s3 = boto3.resource('s3')


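def lambda_handler(event, context):
    # NOTE: the bucket, key and version-id variables used below must be set before
    # this point; the posted snippet does not show where they come from
    try:
        # First attempt: managed copy through the resource's underlying client
        response = s3.meta.client.copy(source, destination_bucket, key)
        logger.info("File copied to the destination bucket successfully!")

        # Second attempt: CopyObject of one specific version, replacing the
        # metadata so the old version id travels with the new object
        response = s3_client.copy_object(
            Bucket=destination_bucket_name,
            Key=s3_migration_source_object_key,
            CopySource={'Bucket': s3_migration_source_bucket, 'Key': s3_migration_source_object_key, 'VersionId': s3_migration_source_object_version_id},
            Metadata={"x-version": s3_migration_source_object_version_id},
            MetadataDirective='REPLACE'
        )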
        logger.info("Copied successfully [RESPONSE]: %s", response)
        result_string = f"Copied successfully ObjectKey: {s3_migration_source_object_key} and versionId: {s3_migration_source_object_version_id} to bucket: {destination_bucket_name}"

        logger.info(result_string)
        result_code = "Succeeded"
    except ClientError as error:
        logger.error("An error occurred during S3 object copy operation:")
        logger.error(error)
        logger.error(traceback.format_exc())

Two problems with the current approach: I am always getting Access Denied

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied

The requirement is that I want to attach the old versionId in a header attribute of the newly copied item. I have cross-verified that the destination bucket has full permission to write objects, and the AWS Lambda function is also granted full rights.

posted a month ago, 239 views
2 Answers
0
Accepted Answer

Hi,

Are you sure that your Lambda execution role is correct: i.e. giving all needed rights to source and destination buckets?

Please, follow this article to have all required steps: https://repost.aws/knowledge-center/lambda-copy-s3-files

Best,

Didier

AWS
EXPERT
answered a month ago
  • In my policy, the JSON under the permissions of the AWS S3 bucket is:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::123450721234:user/dev-storage"
                },
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::dev-bucket-migrated/*",
                    "arn:aws:s3:::dev-bucket-migrated"
                ]
            }
        ]
    }
    
  • Hi, this is good for the target bucket; you need a similar Statement for the source bucket, maybe limited to read only
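
To make the permission gap discussed in this answer and its comments concrete, here is an added example (not code from the thread or from AWS) that checks which S3 actions a versioned CopyObject call needs against a set of policy statements. The source bucket name, the role ARN and the object key are constructed placeholders, and the matcher is a simplification that ignores conditions and explicit Deny.

```python
import fnmatch

DEST_BUCKET = "dev-bucket-migrated"       # from the policy on the page
SOURCE_BUCKET = "example-source-bucket"   # constructed: the page never names it
USER = "arn:aws:iam::123450721234:user/dev-storage"        # principal from the page
ROLE = "arn:aws:iam::123450721234:role/example-copy-role"  # constructed Lambda role

# The single statement from the bucket policy posted in the thread.
POSTED_STATEMENT = {
    "Effect": "Allow",
    "Principal": {"AWS": USER},
    "Action": "s3:*",
    "Resource": [f"arn:aws:s3:::{DEST_BUCKET}/*", f"arn:aws:s3:::{DEST_BUCKET}"],
}

def required_permissions(src_bucket, dst_bucket, key, version_id=None):
    """(action, resource) pairs CopyObject needs; a VersionId in CopySource
    switches the source-side action to s3:GetObjectVersion."""
    read = "s3:GetObjectVersion" if version_id else "s3:GetObject"
    return [(read, f"arn:aws:s3:::{src_bucket}/{key}"),
            ("s3:PutObject", f"arn:aws:s3:::{dst_bucket}/{key}")]

def _listify(value):
    return value if isinstance(value, list) else [value]

def statement_allows(stmt, principal, action, resource):
    """Simplified match: Allow statements only, '*'/'?' wildcards, no
    conditions, no explicit Deny, no NotAction/NotResource."""
    if stmt.get("Effect") != "Allow":
        return False
    if "Principal" in stmt:  # resource-based policy: the caller must be named
        named = stmt["Principal"]
        named = ["*"] if named == "*" else _listify(named.get("AWS", []))
        if "*" not in named and principal not in named:
            return False
    return (any(fnmatch.fnmatchcase(action.lower(), a.lower())
                for a in _listify(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r)
                    for r in _listify(stmt["Resource"])))

def missing_permissions(statements, principal, needed):
    """Return the (action, resource) pairs that no statement allows."""
    return [(a, r) for a, r in needed
            if not any(statement_allows(s, principal, a, r) for s in statements)]

NEEDED = required_permissions(SOURCE_BUCKET, DEST_BUCKET, "reports/a.csv", "v1")
```

Run against the posted bucket policy alone, the check reports the source-side `s3:GetObjectVersion` as uncovered for the named user, and both actions as uncovered for a Lambda role that the policy does not name.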

0
  • I don't think so, this is feasible, since it has a mechanism to use Athena, which I really don't want to encounter; I wanted to keep it a very simple and straightforward mechanism.
