使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

Lambda: Access denied for Put Object Operation despite S3FullAccess

0

I have a Lambda function that pulls data from an S3 bucket, transforms it and puts it into another bucket. I gave it S3FullAccess, which should include all operations. Loading data is no problem, however when I try to store the transformed data in a new bucket (or even a different folder within the same bucket), the following error message occurs:

"An error occurred (AccessDenied) when calling the PutObject operation: Access Denied"

The following lines both throw the error:

awswrangler.s3.to_csv(joined_df, 's3://buckets/other-bucket/data.csv', index=False)

awswrangler.s3.to_csv(joined_df, 's3://buckets/my-bucket/other-subfolder/data.csv', index=False)

This is, again, despite the Lambda having AmazonS3FullAccess. Does anyone know what is wrong here?

主题
存储无服务器计算安全、身份和合规性
标签
亚马逊简单存储服务 (S3)AWS LambdaIAM 策略
语言
English
rePost-User-8096710
已提问 2 年前681 查看次数
1 回答
1

Hi THere

If the IAM user has the correct permissions to upload to the bucket, then check the following policies for settings that are preventing the uploads:

IAM user permission to s3:PutObjectAcl
Conditions in the bucket policy
Access allowed by an Amazon Virtual Private Cloud (Amazon VPC) endpoint policy
AWS KMS encryption

See https://aws.amazon.com/premiumsupport/knowledge-center/s3-403-upload-bucket/

profile pictureAWS
专家
Matt-B
已回答 2 年前
profile pictureAWS
专家
Indranil Banerjee AWS
已审核 2 年前
  • rePost-User-8096710
    2 年前

    Thanks for this, I went through these policies but none seem to apply in my case. I specifically created a new policy and role now with "s3:PutObjectAcl" permission, added it to a new role & gave it access through the bucket policy.

    There are no conditions in the bucket policy, VPCs play no role and the bucket is not KMS encrypted. Is there any other possible reason?

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容