Serverless deployement giving access denied and forbidden on writing and reading an s3 bucket respectively

Question

I have an api which takes a file from user and uploads it to s3. I am using my IAM access and secret to configure the s3 client. I have turned off all public access in my bucket and am using default permissions. In my local machine, I am able to read and write objects in the bucket successfully but when I am deploying it to a lambda using serverless, and checking the api it is giving error access denied for writing and Forbidden: null for reading. I have checked my environment variables and they seem correct. I don't understand why it is not working on Serverless if it is working locally.

Answer

Hi,

When running in Lambda, you don't want to use env var for access keys and secret keys: it is a bad practice.

You rather want to use the Lambda execution role and grant it the service credentials needed by your use case:  https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

This article explains very well how to use the execution role: https://medium.com/aws-lambda-serverless-developer-guide-with-hands/aws-lambda-permissions-execution-role-and-resource-based-policies-be2e325998fc

Best,

Didier

Serverless deployement giving access denied and forbidden on writing and reading an s3 bucket respectively

관련 콘텐츠