Need help getting started with copying an object from one S3 bucket to another S3 bucket via an AWS Lambda function

0

I am trying this way

    import logging
    from urllib import parse
    import boto3
    import os
    import traceback
    from botocore.exceptions import ClientError

    logger = logging.getLogger(__name__)
    logger.setLevel("INFO")

    aws_region = os.environ['AWS_REGION']

    # One resource handle and one region-bound client are enough.
    session = boto3.Session(region_name=aws_region)
    s3_client = session.client('s3')
    s3 = boto3.resource('s3')


    def lambda_handler(event, context):
        try:
            # Managed-transfer copy. source, destination_bucket and key are not
            # defined in the snippet as posted.
            response = s3.meta.client.copy(source, destination_bucket, key)
            logger.info("File copied to the destination bucket successfully!")

            # Copy one specific version and record its version id as user metadata
            # on the new object. The s3_migration_* names and destination_bucket_name
            # are likewise not defined in the snippet as posted.
            response = s3_client.copy_object(
                Bucket=destination_bucket_name,
                Key=s3_migration_source_object_key,
                CopySource={
                    'Bucket': s3_migration_source_bucket,
                    'Key': s3_migration_source_object_key,
                    'VersionId': s3_migration_source_object_version_id,
                },
                Metadata={"x-version": s3_migration_source_object_version_id},
                MetadataDirective='REPLACE'
            )
            logger.info("Copied successfully [RESPONSE]: %s", response)
            result_string = f"Copied successfully ObjectKey: {s3_migration_source_object_key} and versionId: {s3_migration_source_object_version_id} to bucket: {destination_bucket_name}"

            logger.info(result_string)
            result_code = "Succeeded"
        except ClientError as error:
            logger.error("An error occurred during S3 object copy operation:")
            logger.error(error)
            logger.error(traceback.format_exc())

Two problems with the current approach: I am always getting Access Denied

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied

The requirement is that I want to attach the old versionId in a header attribute of the newly copied item. I have cross-verified that the destination bucket has full permission to write objects, and the AWS Lambda is also granted full rights.

asked 16 days ago · 204 views
2 Answers
0
Accepted Answer

Hi,

Are you sure that your Lambda execution role is correct: i.e. giving all needed rights to source and destination buckets?

Please, follow this article to have all required steps: https://repost.aws/knowledge-center/lambda-copy-s3-files

Best,

Didier

AWS EXPERT · answered 15 days ago
  • My policy JSON under the permissions of the AWS S3 bucket is

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::123450721234:user/dev-storage"
                },
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::dev-bucket-migrated/*",
                    "arn:aws:s3:::dev-bucket-migrated"
                ]
            }
        ]
    }
    
  • Hi, this is good for the target bucket; you need a similar Statement for the source bucket, maybe limited to read-only
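
As an added example (not code from this thread or from AWS), the sketch below checks offline whether a set of policies grants what a `CopyObject` call with a `VersionId` in `CopySource` needs: `s3:GetObjectVersion` on the source objects and `s3:PutObject` on the destination objects. It assumes same-account access and evaluates `Allow` statements only (no `Deny`, `Condition`, `NotAction`, KMS or SCPs); the source bucket name and the role name are constructed placeholders.

```python
import fnmatch

# Constructed placeholders: the source bucket and role name are not from the page.
SRC = "arn:aws:s3:::example-source-bucket"
DST = "arn:aws:s3:::dev-bucket-migrated"
ROLE = "arn:aws:iam::123450721234:role/example-copy-lambda-role"
USER = "arn:aws:iam::123450721234:user/dev-storage"

# CopyObject with a VersionId in CopySource reads one version and writes one object.
REQUIRED = [("s3:GetObjectVersion", SRC + "/*"), ("s3:PutObject", DST + "/*")]

# The destination bucket policy posted in the thread.
DST_BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": USER}, "Action": "s3:*",
    "Resource": [DST + "/*", DST]}]}

# Least-privilege identity policy for the execution role (added suggestion).
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObjectVersion", "Resource": SRC + "/*"},
    {"Effect": "Allow", "Action": "s3:PutObject", "Resource": DST + "/*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _allows(stmt, principal, action, resource):
    """True if this Allow statement covers principal, action and resource."""
    if stmt.get("Effect") != "Allow":
        return False
    if "Principal" in stmt:  # bucket policies name a principal, identity policies do not
        who = stmt["Principal"]
        arns = ["*"] if who == "*" else _as_list(who.get("AWS", []))
        if principal not in arns and "*" not in arns:
            return False
    # IAM action names are case-insensitive; resource ARNs are matched as written.
    return (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))


def missing_permissions(policies, principal, required=REQUIRED):
    """Return the (action, resource) pairs that no Allow statement grants to principal."""
    stmts = [s for p in policies for s in _as_list(p["Statement"])]
    return [(a, r) for a, r in required
            if not any(_allows(s, principal, a, r) for s in stmts)]


if __name__ == "__main__":
    print(missing_permissions([DST_BUCKET_POLICY], ROLE))               # both pairs missing
    print(missing_permissions([DST_BUCKET_POLICY, ROLE_POLICY], ROLE))  # []
```

Pass only the identity policies that are attached to the principal being checked, since identity policies carry no `Principal` element of their own.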

0
  • I don't think so, this is feasible. Since it has a mechanism to use Athena, which I really don't want to encounter, I wanted to keep it a very simple and straightforward mechanism.
