I am trying this way
import logging
from urllib import parse
import boto3
import os
import traceback
from botocore.exceptions import ClientError
logger = logging.getLogger(__name__)
logger.setLevel("INFO")
aws_region = os.environ['AWS_REGION']
s3 = boto3.resource("s3")
session = boto3.Session(region_name=aws_region)
s3_client = session.client('s3')
s3 = boto3.resource('s3')
def lambda_handler(event, context):
try:
response = s3.meta.client.copy(source, destination_bucket, key)
logger.info("File copied to the destination bucket successfully!")
response = s3_client.copy_object(
Bucket=destination_bucket_name,
Key=s3_migration_source_object_key,
CopySource={'Bucket': s3_migration_source_bucket, 'Key': s3_migration_source_object_key, 'VersionId': s3_migration_source_object_version_id},
Metadata={"x-version": s3_migration_source_object_version_id},
MetadataDirective='REPLACE'
)
logger.info("Copied successfully [RESPONSE]: %s", response)
result_string = f"Copied successfully ObjectKey: {s3_migration_source_object_key} and versionId: {s3_migration_source_object_version_id} to bucket: {destination_bucket_name}"
logger.info(result_string)
result_code = "Succeeded"
except ClientError as error:
logger.error("An error occurred during S3 object copy operation:")
logger.error(error)
logger.error(traceback.format_exc())
Two problems with current approach I am always getting Access denied
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied
requirement is I wanted to attach old versionId within the header attribute of newly copied item.
I have cross verify Destination bucket have full permission to write object, even AWS Lambda also granted with full rights.
In my policy JSON data under the permission of AWS S3 bucket is
Hi, this is good for the target bucket, you need a similar Statement for source bucket , maybe limited to read only