I'm having a problem testing a Lambda function in AWS. The function is only meant to create a thumbnail every time an image is uploaded to a bucket and then put it into another bucket as a thumbnail (official tutorial: https://docs.aws.amazon.com/lambda/latest/dg/with-s3-tutorial.html#with-s3-example-prereqs). I see some odd things in my policy, such as:
Background:
This is the exact error:
[ERROR] ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden
Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 31, in lambda_handler
    s3_client.download_file(bucket, key, download_path)
  File "/var/task/boto3/s3/inject.py", line 192, in download_file
    return transfer.download_file(
  File "/var/task/boto3/s3/transfer.py", line 405, in download_file
    future.result()
  File "/var/task/s3transfer/futures.py", line 103, in result
    return self._coordinator.result()
  File "/var/task/s3transfer/futures.py", line 266, in result
    raise self._exception
  File "/var/task/s3transfer/tasks.py", line 269, in _main
    self._submit(transfer_future=transfer_future, **kwargs)
  File "/var/task/s3transfer/download.py", line 354, in _submit
    response = client.head_object(
  File "/var/task/botocore/client.py", line 565, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/task/botocore/client.py", line 1021, in _make_api_call
    raise error_class(parsed_response, operation_name)
This is my policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:PutLogEvents",
                "logs:CreateLogGroup",
                "logs:CreateLogStream"
            ],
            "Resource": "arn:aws:logs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::thumb-origin-bucket"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::thumb-destination-bucket"
        }
    ]
}
Try adding ListBucket, and /* for get and put object.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:PutLogEvents",
                "logs:CreateLogGroup",
                "logs:CreateLogStream"
            ],
            "Resource": "arn:aws:logs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::thumb-origin-bucket/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::thumb-destination-bucket/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::thumb-origin-bucket",
                "arn:aws:s3:::thumb-destination-bucket"
            ]
        }
    ]
}
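Why the first policy yields 403 and the second does not, as an added example that is not part of the original question or answer: a simplified check of the two policies' S3 statements against the requests the handler makes. It assumes Allow statements only (no Deny, conditions or bucket policies), and the object key names are constructed.

```python
import re

ORIGIN = "arn:aws:s3:::thumb-origin-bucket"
DEST = "arn:aws:s3:::thumb-destination-bucket"

def allow(actions, resources):
    return {"Effect": "Allow", "Action": actions, "Resource": resources}

# S3 statements of the two policies on this page (logs statement omitted).
BEFORE = {"Statement": [allow(["s3:GetObject"], ORIGIN),
                        allow(["s3:PutObject"], DEST)]}
AFTER = {"Statement": [allow(["s3:GetObject"], ORIGIN + "/*"),
                       allow(["s3:PutObject"], DEST + "/*"),
                       allow(["s3:ListBucket"], [ORIGIN, DEST])]}

# Requests the handler makes. download_file calls HeadObject first, and
# HeadObject is authorized by s3:GetObject on the object ARN.
# Key names are constructed for this example.
REQUESTS = [("s3:GetObject", ORIGIN + "/photo.jpg"),
            ("s3:PutObject", DEST + "/resized-photo.jpg")]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: "*" is any run of characters, "?" is exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    """True if some Allow statement matches both the action and the resource ARN."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if (any(_match(a, action, ignore_case=True) for a in _as_list(stmt["Action"]))
                and any(_match(r, resource) for r in _as_list(stmt["Resource"]))):
            return True
    return False

def denied(policy, requests=REQUESTS):
    """Requests that no Allow statement in the policy covers."""
    return [req for req in requests if not is_allowed(policy, *req)]

if __name__ == "__main__":
    print("before:", denied(BEFORE))
    print("after: ", denied(AFTER))
```

Object-level actions such as s3:GetObject and s3:PutObject are evaluated against object ARNs (`bucket/key`), while s3:ListBucket is evaluated against the bucket ARN itself. Without s3:ListBucket, S3 also answers a request for a missing key with 403 rather than 404.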