amazon web services - AWS S3 Bucket Policy not working when manually testing Lambda Function -


i have aws lambda function accesses s3 resource it’s url (i.e https://s3-eu-west-1.amazonaws.com/bucketname/key).

i have added bucket policy on s3 bucket allows lambda function access s3 bucket (via lambda functions iam role). bucket policy looks follows: 


{     "version": "2012-10-17",     "id": "access control s3 bucket",     "statement": [         {             "sid": "allow , list requests iam role",             "effect": "allow",             "principal": {                 "aws": "arn:aws:iam::123412341234:role/role-name“             },             "action": [                 "s3:get*",                 "s3:list*"             ],             "resource": [                 "arn:aws:s3:::bucket-name”,                 "arn:aws:s3:::bucket-name/*"             ]         }     ] }

this works fine when lambda function activated "automatically" trigger. when test lambda function manually (via aws console) 403 error.

if change principal in s3 bucket policy “*” 403 exception resolved.

my guess different principal used when manually triggering lambda function, i’ve no idea might be. i’ve tried adding new policy giving access canonical user doesn’t work.

any suggestions?

if wish give permissions particular iam user/group/role, should add permissions directly on user/group/role rather adding special-case in bucket policy.

this keeps bucket policies clean, less special-cases.

i recommend:

  • remove bucket policy have displayed
  • add in-line policy (for one-off situations) iam role used lambda function

here sample policy:

{     "version": "2012-10-17",     "statement": [         {             "sid": "bucketaccess",             "effect": "allow",             "action": [                 "s3:*"             ],             "resource": [                 "arn:aws:s3:::my-bucket",                 "arn:aws:s3:::my-bucket/*"             ]         }     ] }

actually, too permissive since allow lambda function anything in bucket (eg delete bucket), should grant permissions know required lambda function.


Comments

Post a Comment

Popular posts from this blog

html - How to set bootstrap input responsive width? -

Image
i need inline form calendar in both fields. reason can't rid of space between text , borders of input... here picture of problem i've tried set width parent div , input itself.... no good.. here i've done far. fiddle : <div class="modify_search"> <div class="search_wrapper"> <div class="search_header"> <form class="form-inline"> <div class="left"> <span>du</span> <div class="input-group"> <input type="text" class="form-control search_input" id="inlineforminputgroup"> <div class="input-group-addon"> <i class="fa fa-calendar" aria-hidden="true"></i> </div> </div> </div>
Read more

javascript - Highchart x and y axes data from json -

here js fiddle : demo i plotting differences of timestamps in multiple series reading data json. how plot "timestamp","timestamp2","timestamp3" against "tempersensordata" instead of steps? var processed_json = new array(); //ts1 var processed_json1 = new array(); //ts2 // populate initial series (i = 0; < data.length; i++){ processed_json.push(data[i].timestamp/1000); processed_json1.push(data[i].timestamp2/1000); }
Read more

javascript - Get js console.log as python variable in QWebView pyqt -

Image
i'm trying build application creates html + js code python , loads qwebview. the final html + js code following (raw code available here ): <head><meta charset="utf-8" /><script src="https://cdn.plot.ly/plotly-latest.min.js"></script></head><div id="mydiv" style="height: 100%; width: 100%;" class="plotly-graph-div"></div><script type="text/javascript">window.plotlyenv=window.plotlyenv || {};window.plotlyenv.base_url="https://plot.ly";plotly.newplot("mydiv", [{"type": "scatter", "x": [6.81, 6.78, 6.49, 6.72, 6.88, 7.68, 7.69, 7.38, 6.76, 6.84, 6.91, 6.74, 6.77, 6.73, 6.68, 6.94, 6.72], "y": [1046.67, 1315.0, 1418.0, 997.33, 2972.3, 9700.0, 6726.0, 6002.5, 2096.0, 2470.0, 867.0, 2201.7, 1685.6, 2416.7, 1618.3, 2410.0, 2962.0], "mode": "markers", "ids": [0, 1, 2, 3, 4, 5, 6, 7, 8,
Read more