Serverless AWS (Python) read from S3 : Access Denied

I have a problem with getObject access from my lambda function (Serverless Framework) to the S3 service in AWS. Here is a sample of my code:

import boto3
import csv


def hello(event, context):
    s3 = boto3.resource('s3')
    bucket = s3.Bucket('myBucket')
    obj = bucket.Object(key='MOCK_DATA.csv')
    response = obj.get()
    # Body is a stream of bytes: decode it and split on line boundaries
    # (not on whitespace) before handing it to csv.DictReader.
    lines = response['Body'].read().decode('utf-8').splitlines()
    body = []
    for row in csv.DictReader(lines):
        body.append(row)
    return body

and in my serverless.yml, I gave my lambda full access to the bucket

  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:*"
      Resource:
        - "arn:aws:s3:::myBucket"

but when I run the code, I receive the error:

START RequestId: a6c006b7-21e5-11e8-8193-c3378825927 Version: $LATEST
An error occurred (AccessDenied) when calling the GetObject operation: Access Denied: ClientError
Traceback (most recent call last):
  File "/var/task/handler.py", line 5, in hello
    response = obj.get()
  File "/var/runtime/boto3/resources/factory.py", line 520, in do_action
    response = action(self, *args, **kwargs)
  File "/var/runtime/boto3/resources/action.py", line 83, in __call__
    response = getattr(parent.meta.client, operation_name)(**params)
  File "/var/runtime/botocore/client.py", line 317, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/runtime/botocore/client.py", line 615, in _make_api_call
    raise error_class(parsed_response, operation_name)
ClientError: An error occurred (AccessDenied) when calling the GetObject operation: Access Denied

Do you have any idea why boto3 doesn't take the permissions from the IAM role? Because it's working only if I declare boto3 with private and access keys:

s3 = boto3.resource('s3',aws_access_key_id='accesskey',aws_secret_access_key='privateKey')

Thank you in advance

MrGildarts asked Mar 07 '18 09:03


1 Answer

For actions like s3:GetObject the resource should be arn:aws:s3:::myBucket/*. You are missing the trailing /*.

Alasdair answered Sep 20 '22 13:09
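As an added example (not from the original question or answer), the following Python models IAM's wildcard matching on Action and Resource to show why the asker's statement denies `GetObject` on `arn:aws:s3:::myBucket/MOCK_DATA.csv` while a statement scoped to `arn:aws:s3:::myBucket/*` allows it. It also renders a least-privilege replacement in the `serverless.yml` shape the question uses. Assumptions: policy evaluation is simplified to explicit Deny overriding Allow, with no Condition, Principal, NotAction or NotResource handling; the bucket name `myBucket` and key `MOCK_DATA.csv` come from the question; `is_allowed`, `to_serverless_yaml` and the sample statement lists are constructed here.

```python
import re

# Constructed sample: the asker's original statement (bucket ARN only).
ORIGINAL_STATEMENTS = [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::myBucket"]},
]

# Constructed least-privilege replacement. Object-level actions such as
# s3:GetObject are evaluated against the *object* ARN (bucket/key), so they
# need the trailing "/*"; bucket-level actions such as s3:ListBucket are
# evaluated against the bucket ARN itself.
FIXED_STATEMENTS = [
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::myBucket/*"]},
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::myBucket"]},
]


def _pattern_matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' matches any run of characters, '?' one character.
    Everything else is literal; the whole value must match."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    flags = re.IGNORECASE if ignore_case else 0
    return re.match(regex, value, flags) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(statements, action, resource):
    """Simplified IAM evaluation (assumption: no Condition/Principal/NotAction):
    an explicit Deny that matches wins; otherwise any matching Allow grants;
    no match means implicit deny. Action names are case-insensitive in IAM,
    resource ARNs are case-sensitive."""
    allowed = False
    for stmt in statements:
        action_hit = any(_pattern_matches(a, action, ignore_case=True)
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(_pattern_matches(r, resource)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def to_serverless_yaml(statements, indent=2):
    """Render statements as a serverless.yml iamRoleStatements block (no PyYAML needed)."""
    pad = " " * indent
    lines = [f"{pad}iamRoleStatements:"]
    for stmt in statements:
        lines.append(f'{pad}  - Effect: "{stmt["Effect"]}"')
        lines.append(f"{pad}    Action:")
        for a in _as_list(stmt["Action"]):
            lines.append(f'{pad}      - "{a}"')
        lines.append(f"{pad}    Resource:")
        for r in _as_list(stmt["Resource"]):
            lines.append(f'{pad}      - "{r}"')
    return "\n".join(lines)


if __name__ == "__main__":
    obj_arn = "arn:aws:s3:::myBucket/MOCK_DATA.csv"
    bucket_arn = "arn:aws:s3:::myBucket"
    print("original, GetObject on object :", is_allowed(ORIGINAL_STATEMENTS, "s3:GetObject", obj_arn))
    print("original, ListBucket on bucket:", is_allowed(ORIGINAL_STATEMENTS, "s3:ListBucket", bucket_arn))
    print("fixed,    GetObject on object :", is_allowed(FIXED_STATEMENTS, "s3:GetObject", obj_arn))
    print("fixed,    PutObject on object :", is_allowed(FIXED_STATEMENTS, "s3:PutObject", obj_arn))
    print(to_serverless_yaml(FIXED_STATEMENTS))
```

The model reproduces the asker's symptom: `s3:*` on `arn:aws:s3:::myBucket` matches the action but not the object ARN, so `GetObject` falls through to implicit deny, while `ListBucket` on the bucket ARN would have worked. The access-key workaround in the question succeeds only because those static keys carry some other principal's policy; the fix is to scope the function's role correctly, not to embed long-lived credentials in the handler.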