By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Serverless deployement giving access denied and forbidden on writing and reading an s3 bucket respectively

0

I have an api which takes a file from user and uploads it to s3. I am using my IAM access and secret to configure the s3 client. I have turned off all public access in my bucket and am using default permissions. In my local machine, I am able to read and write objects in the bucket successfully but when I am deploying it to a lambda using serverless, and checking the api it is giving error access denied for writing and Forbidden: null for reading. I have checked my environment variables and they seem correct. I don't understand why it is not working on Serverless if it is working locally.

Topics
ServerlessSecurity, Identity, & ComplianceStorage
Tags
ServerlessIAM PoliciesAmazon S3 Access Grants
Language
English
Dwaipayan Vidyanta
asked 14 days ago189 views
1 Answer
1

Hi,

When running in Lambda, you don't want to use env var for access keys and secret keys: it is a bad practice.

You rather want to use the Lambda execution role and grant it the service credentials needed by your use case: https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html

This article explains very well how to use the execution role: https://medium.com/aws-lambda-serverless-developer-guide-with-hands/aws-lambda-permissions-execution-role-and-resource-based-policies-be2e325998fc

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 13 days ago
profile picture
EXPERT
Osvaldo Marte
reviewed 10 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content