Lambda: Access denied for Put Object Operation despite S3FullAccess

Question

I have a Lambda function that pulls data from an S3 bucket, transforms it and puts it into another bucket. I gave it S3FullAccess, which should include all operations. Loading data is no problem, however when I try to store the transformed data in a new bucket (or even a different folder within the same bucket), the following error message occurs:

"An error occurred (AccessDenied) when calling the PutObject operation: Access Denied"

The following lines both throw the error:

awswrangler.s3.to_csv(joined_df, 's3://buckets/other-bucket/data.csv', index=False)

awswrangler.s3.to_csv(joined_df, 's3://buckets/my-bucket/other-subfolder/data.csv', index=False)

This is, again, despite the Lambda having AmazonS3FullAccess. Does anyone know what is wrong here?

Answer

Hi THere

If the IAM user has the correct permissions to upload to the bucket, then check the following policies for settings that are preventing the uploads:

IAM user permission to s3:PutObjectAcl
    Conditions in the bucket policy
    Access allowed by an Amazon Virtual Private Cloud (Amazon VPC) endpoint policy
    AWS KMS encryption

See https://aws.amazon.com/premiumsupport/knowledge-center/s3-403-upload-bucket/

Lambda: Access denied for Put Object Operation despite S3FullAccess

관련 콘텐츠