- Newest
- Most votes
- Most comments
Hello.
Looking at the code, it seems to be using an access key when listing S3.
You can set an IAM role for Lambda, so there is no need to set an access key.
Another possible cause of the error is that the IAM user who issued the access key does not have permissions.
Please try deleting the access key from Lambda and setting access rights to S3 in the IAM role.
aws_access_key_id = 'xx'
aws_secret_access_key = 'xx'
# Create an S3 client
s3 = boto3.client(
's3',
aws_access_key_id=aws_access_key_id,
aws_secret_access_key=aws_secret_access_key
)
#response = s3.get_object(Bucket=bucket_name, Key=file_name)
# Example: List S3 buckets
response = s3.list_buckets()
Your code is performing a ListBuckets
call, and your IAM permissions are allowing s3:ListBucket
. You need s3:ListAllMyBuckets
in order to call ListBuckets.
If you update your IAM policy to:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "SamplePolicy",
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "*"
}
]
}
Then your code will work as intended.
Best practice of course is what is described by Riko, and to use a role in Lambda (which would need the same permissions I talk about here), and not to use static credentials the way you are.
Hi I attached the following
{ "Version": "2012-10-17", "Statement": [ { "Sid": "SamplePolicy", "Effect": "Allow", "Action": "s3:", "Resource": "" } ] }
to my IAM policy thats connected to lambda function..
When I try to run the following lambda function it just times out.. The file path is correct. In my bucket I have a folder called model_csv and a file named delte.csv .
bucket_name = "aerocastwx.com" file_name = "/model_csv/delte.csv" print("Getting S3") # Create an S3 client try: s3 = boto3.client('s3') # Create an S3 client #@s3 = boto3.client( #'s3', #aws_access_key_id=aws_access_key_id, #aws_secret_access_key=aws_secret_access_key #) response = s3.get_object(Bucket=bucket_name, Key=file_name)
Relevant content
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
Hi. Yes I am aware about the IAM user. I tried the approach like you said without the access keys but then the lamda function stalls and times out on this line: response = s3.get_object(Bucket=bucket_name, Key=file_name)