Hi there!
What exactly is the error you are getting?
Here is a tutorial on how to run a Lambda function responding to an S3 event notification. Based on the tutorial, your policy looks okay. Please ensure you created a role that uses this policy, and this role is configured as the Lambda function's execution role.
I hope this helps.
ListBucket is bucket-level access, whereas GetObject is object-level access.
Add "arn:aws:s3:::<bucket_name>" as well in the resource section.
{
  "Effect": "Allow",
  "Action": [
    "s3:GetObject",
    "s3:ListBucket",
    "s3:GetBucketPolicy",
    "s3-object-lambda:*"
  ],
  "Resource": [
    "arn:aws:s3:::<bucket_name>",
    "arn:aws:s3:::*/*"
  ]
}
Also, if the Lambda function is receiving events on S3 upload from an EventBridge rule, have you added permissions on the Lambda function for the event, so the event can trigger the Lambda function at the time of file upload? In CloudFormation, it would look something like the below, but you can add that over the console as well if not done.
rLambdaInvokePermission:
  Type: 'AWS::Lambda::Permission'
  Properties:
    FunctionName: !Ref myLambdaFunction
    Action: 'lambda:InvokeFunction'
    Principal: events.amazonaws.com
    SourceArn: !GetAtt rEventRule.Arn
Hope you find this useful.
Comment here if you have additional questions, happy to help.
Abhishek
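The bucket-level versus object-level distinction from the answer above, as an added example that is not part of the original answer: a small Python check that reports which actions in a policy statement have no Resource ARN of the type they apply to, so the statement does not grant them. The action table is a hand-picked subset, and `example-bucket` and both sample statements are constructed for illustration.

```python
import fnmatch

# Hand-picked subset of S3 actions by the resource type they apply to
# (chosen for this example; it is not the full S3 action list).
NEEDS = {
    "s3:ListBucket": "bucket", "s3:GetBucketPolicy": "bucket",
    "s3:GetBucketLocation": "bucket",
    "s3:GetObject": "object", "s3:PutObject": "object",
    "s3:DeleteObject": "object",
}

def resource_kind(arn):
    """Classify an S3 resource ARN as 'bucket', 'object' or 'any'."""
    path = arn.split(":::", 1)[-1]
    if "/" in path:
        return "object"            # bucket/key form
    # IAM's '*' also matches '/', so a wildcard without '/' covers both types.
    return "any" if "*" in path else "bucket"

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def unmatched_actions(statement):
    """Return (action, needed_type) pairs that no listed Resource can satisfy."""
    kinds = {resource_kind(r) for r in as_list(statement["Resource"])}
    if "any" in kinds:
        return []
    found = set()
    for pattern in as_list(statement["Action"]):
        for action, needed in NEEDS.items():
            # IAM action names are case-insensitive and may contain wildcards.
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()) and needed not in kinds:
                found.add((action, needed))
    return sorted(found)

# Constructed statements; "example-bucket" is a placeholder name.
ACTIONS = ["s3:GetObject", "s3:ListBucket", "s3:GetBucketPolicy", "s3-object-lambda:*"]
OBJECT_ONLY = {"Effect": "Allow", "Action": ACTIONS, "Resource": ["arn:aws:s3:::*/*"]}
WITH_BUCKET = {"Effect": "Allow", "Action": ACTIONS,
               "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::*/*"]}

if __name__ == "__main__":
    for name, stmt in [("object-only", OBJECT_ONLY), ("with bucket ARN", WITH_BUCKET)]:
        print(name, unmatched_actions(stmt))
```
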
Can you please share the error message?