Hello.
What are the ACL settings for the target object?
The bucket policy and IAM policy seemed fine, so is it possible that the object ACL is preventing access?
https://repost.aws/knowledge-center/s3-bucket-owner-access
https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
I don't think it matters much, but since the version of the bucket policy you are using is old, I think it would be better to set it to "2012-10-17" as shown below.
https://repost.aws/knowledge-center/s3-bucket-policy-for-config-rule
{
    "Id": "ExamplePolicy",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSSLRequestsOnly",
            "Action": "s3:*",
            "Effect": "Deny",
            "Resource": [
                "arn:aws:s3:::DOC-EXAMPLE-BUCKET",
                "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            },
            "Principal": "*"
        }
    ]
}
To add: 2008-10-17 was an earlier version of the policy language. You might see this version on older existing policies. Do not use this version for any new policies or when you update any existing policies. Newer features, such as policy variables, will not work with your policy.
Here is the ACL for the bucket:
Grantee: Bucket owner (your AWS account)
Objects: List, Write
Bucket ACL: Read, Write
I modified the code to create the /tmp/downloads directory and use it as the local directory. I also modified the bucket policy to the newer version.
However, I still get the same error.
Btw: this Lambda function without the modification (using /tmp/ for the download directory and the older version of the bucket policy) is working in the DEV env. I get the error only when I deploy in PROD. I compared all the settings for the bucket and they are identical. Also, I use the same CloudFormation script to create the S3 bucket.
As well as Riku's suggestion.
What do you have defined for local_tar_file ?
With Lambda you can use /tmp to store the downloaded file. Anywhere else within the function is likely to fail due to not having write access.
As your bucket config and IAM are proper, I believe the issue is with "local_tar_file = '/tmp/' + os.path.basename(key)", where you are trying to write into Lambda's file system.
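Added example (not code from this thread or from AWS) covering the two points raised in the replies above: Riku's question about the object ACL, and the /tmp-only write access in Lambda. The ACL dict follows the shape of boto3's get_object_acl() response; the canonical-user IDs and S3 keys are constructed placeholders, and no AWS call is made.

```python
import os

# Constructed sample in the shape boto3's s3.get_object_acl() returns; the
# canonical-user IDs are placeholders, not real accounts.
BUCKET_OWNER_ID = "bucket-owner-canonical-id-PLACEHOLDER"
SAMPLE_ACL_OTHER_OWNER = {
    "Owner": {"ID": "uploader-canonical-id-PLACEHOLDER"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "uploader-canonical-id-PLACEHOLDER"},
         "Permission": "FULL_CONTROL"},
    ],
}


def bucket_owner_can_read(acl, bucket_owner_id):
    """True if the bucket-owning account can read the object under this ACL.

    An object uploaded by another account is owned by that account. With
    ObjectWriter ownership the bucket policy does not reach it, so the bucket
    owner is denied unless the uploader granted access (for example with the
    bucket-owner-full-control canned ACL) or the bucket uses
    BucketOwnerEnforced ownership, which disables ACLs altogether.
    """
    if acl["Owner"]["ID"] == bucket_owner_id:
        return True
    for grant in acl.get("Grants", []):
        grantee = grant["Grantee"]
        readable = grant["Permission"] in ("READ", "FULL_CONTROL")
        if grantee.get("Type") == "CanonicalUser" and grantee.get("ID") == bucket_owner_id:
            if readable:
                return True
        elif grantee.get("Type") == "Group" and readable:
            # The bucket owner is an authenticated principal, so either group grant applies.
            if grantee.get("URI", "").endswith(("/AllUsers", "/AuthenticatedUsers")):
                return True
    return False


def with_bucket_owner_grant(acl, bucket_owner_id, permission="FULL_CONTROL"):
    """Copy of the ACL with the grant the uploader should have added."""
    grants = list(acl.get("Grants", [])) + [
        {"Grantee": {"Type": "CanonicalUser", "ID": bucket_owner_id}, "Permission": permission}]
    return {"Owner": acl["Owner"], "Grants": grants}


def lambda_download_path(key, base_dir="/tmp"):
    """Lambda's only writable location is /tmp; build the local file path there.

    os.path.basename() drops the key prefix, but a 'folder' key such as
    'incoming/' yields an empty name, so refuse it rather than opening /tmp itself.
    """
    name = os.path.basename(key)
    if not name or name in (".", ".."):
        raise ValueError(f"S3 key {key!r} has no usable file name")
    return os.path.join(base_dir, name)
```

If the object turns out to be owned by another account, the fix is on the upload side (grant the bucket owner, or switch the bucket to BucketOwnerEnforced), not in the bucket policy.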
Can you share the actual error message? It helps to understand the issue.