使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Lambda: Access denied for Put Object Operation despite S3FullAccess

0

I have a Lambda function that pulls data from an S3 bucket, transforms it and puts it into another bucket. I gave it S3FullAccess, which should include all operations. Loading data is no problem, however when I try to store the transformed data in a new bucket (or even a different folder within the same bucket), the following error message occurs:

"An error occurred (AccessDenied) when calling the PutObject operation: Access Denied"

The following lines both throw the error:

awswrangler.s3.to_csv(joined_df, 's3://buckets/other-bucket/data.csv', index=False)

awswrangler.s3.to_csv(joined_df, 's3://buckets/my-bucket/other-subfolder/data.csv', index=False)

This is, again, despite the Lambda having AmazonS3FullAccess. Does anyone know what is wrong here?

主題
儲存空間無伺服器運算安全性、身分識別與合規
標籤
Amazon Simple Storage ServiceAWS LambdaIAM 政策
語言
English
rePost-User-8096710
已提問 2 年前檢視次數 655 次
1 個回答
1

Hi THere

If the IAM user has the correct permissions to upload to the bucket, then check the following policies for settings that are preventing the uploads:

IAM user permission to s3:PutObjectAcl
Conditions in the bucket policy
Access allowed by an Amazon Virtual Private Cloud (Amazon VPC) endpoint policy
AWS KMS encryption

See https://aws.amazon.com/premiumsupport/knowledge-center/s3-403-upload-bucket/

profile pictureAWS
專家
Matt-B
已回答 2 年前
profile pictureAWS
專家
Indranil Banerjee AWS
已審閱 2 年前
  • rePost-User-8096710
    2 年前

    Thanks for this, I went through these policies but none seem to apply in my case. I specifically created a new policy and role now with "s3:PutObjectAcl" permission, added it to a new role & gave it access through the bucket policy.

    There are no conditions in the bucket policy, VPCs play no role and the bucket is not KMS encrypted. Is there any other possible reason?

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容