I'm getting access denied when trying to access s3 log files.
This is a corporate account so i dont have root access. My user account, as well as the account i use with aws cli both have "administrator access" in iam.
I have 2 buckets that have logging enabled (Server access logging) and are writing their logs to a third bucket. all 3 buckets are in the same account.
I am completely unable to access these log files:
-
via aws gui, i can see the files, i can open their details, but any method i try to download them always results in the access denied xml response.
-
via aws cli using aws s3 sync, again, access denied error.
-
in lambda, with a policy that allows get object on all keys in the third bucket, also access denied.
Looking at the log file details i can see they are owned by s3-log-service. I do not want to make the files public (public is completely disabled on this bucket).
the end goal is option 3 above, i need to have a lambda script that parses the s3 log files so it needs to be able to read them. Manually updating the log files is not really an option as the flow should be fully automated. There there an iam policy or similar that needs to be configured to ensure the lambda has access to the s3-log-service owned files?
thanks!
Edited by: Thomas Smart on Dec 4, 2019 9:26 PM
AWS 공식업데이트됨 2년 전