Permission denied after uploading AWS Lambda python zip from S3

Question

When uploading a python zip package to AWS Lambda from S3 I get the following cryptic error:

module initialization error: [Errno 13] Permission denied: '/var/task/lambda_function.py'

The error seems to be that if you create a zip package with restrictive permissions, then AWS gets confused. Essentially, AWS unzips your package with the permissions you gave it and tries to use it. What can make this especially confusing is that you may be able to see part of the zip files from the AWS Lambda inline code editor (so you clearly have some permission), but the Lambda function will give the above error.

What is the best way to handle this (either a better error message or resolve the problem)?

Answer 1

The approach I used was to be careful in how I created my zip package in python.

Instead of doing something like

ziph = zipfile.ZipFile(zip_filename, 'w', zipfile.ZIP_DEFLATED)
ziph.writestr(file_name, my_data)

I replaced the last line above with

zinfo = zipfile.ZipInfo(file_name)
zinfo.external_attr = 0o777 << 16  # give full access to included file
ziph.writestr(zinfo, my_data)

To make sure to explicitly grant full permissions. If you don't do this, then writestr will use too restrictive default permissions. (Note: the above is for python 3.6).