Lambda: Access denied for Put Object Operation despite S3FullAccess

0

I have a Lambda function that pulls data from an S3 bucket, transforms it and puts it into another bucket. I gave it S3FullAccess, which should include all operations. Loading data is no problem, however when I try to store the transformed data in a new bucket (or even a different folder within the same bucket), the following error message occurs:

"An error occurred (AccessDenied) when calling the PutObject operation: Access Denied"

The following lines both throw the error:

awswrangler.s3.to_csv(joined_df, 's3://buckets/other-bucket/data.csv', index=False)

awswrangler.s3.to_csv(joined_df, 's3://buckets/my-bucket/other-subfolder/data.csv', index=False)

This is, again, despite the Lambda having AmazonS3FullAccess. Does anyone know what is wrong here?

1回答
1

Hi THere

If the IAM user has the correct permissions to upload to the bucket, then check the following policies for settings that are preventing the uploads:

IAM user permission to s3:PutObjectAcl
Conditions in the bucket policy
Access allowed by an Amazon Virtual Private Cloud (Amazon VPC) endpoint policy
AWS KMS encryption

See https://aws.amazon.com/premiumsupport/knowledge-center/s3-403-upload-bucket/

profile pictureAWS
エキスパート
Matt-B
回答済み 1年前
profile pictureAWS
エキスパート
レビュー済み 1年前
  • Thanks for this, I went through these policies but none seem to apply in my case. I specifically created a new policy and role now with "s3:PutObjectAcl" permission, added it to a new role & gave it access through the bucket policy.

    There are no conditions in the bucket policy, VPCs play no role and the bucket is not KMS encrypted. Is there any other possible reason?

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ