node.js - AWS Lambda function gets access denied when getting an object from an S3 bucket

Tags: node.js amazon-s3 aws-lambda

I am using the default code for the Lambda function:

console.log('Loading function');

var aws = require('aws-sdk');
var s3 = new aws.S3({ apiVersion: '2006-03-01' });

exports.handler = function(event, context) {
    //console.log('Received event:', JSON.stringify(event, null, 2));

    // Get the object from the event and show its content type
    var bucket = event.Records[0].s3.bucket.name;
    var key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
    var params = {
        Bucket: bucket,
        Key: key
    };

    s3.getObject(params, function(err, data) {
        if (err) {
            console.log(err);
            var message = "Error getting object " + key + " from bucket " + bucket +
                ". Make sure they exist and your bucket is in the same region as this function.";
            console.log(message);
            context.fail(message);
        } else {
            console.log('CONTENT TYPE:', data.ContentType);
            context.succeed(data.ContentType);
        }
    });
};

But I get an access denied error:

2016-02-24T14:21:21.503Z    kvyo1midvc2r69gm    Loading function 
START RequestId: baf9049b-db01-11e5-bc34-791df91353a9 Version: $LATEST 
2016-02-24T14:21:22.500Z    baf9049b-db01-11e5-bc34-791df91353a9    { [AccessDenied: Access Denied] message: 'Access Denied', code: 'AccessDenied', region: null, time: Wed Feb 24 2016 14:21:22 GMT+0000 (UTC), requestId: '215CD9BB4094E209', extendedRequestId: '0kDBEyMiJYbMApEqJuAtKct2SKLI7Z7tCBVyW6QJsYwMHROvtCEDynbGSsBdqbwFcX+YrSlGnsg=', statusCode: 403, retryable: false, retryDelay: 30 } 
2016-02-24T14:21:22.539Z    baf9049b-db01-11e5-bc34-791df91353a9    Error getting object {"originalFilename":"c12eaadf3d3b46d9b5ded6c078534c11","versions":[{"Size":1024,"Crop":null,"Max":false,"Rotate":0}]} from bucket xmovo.originalimages.develop. Make sure they exist and your bucket is in the same region as this function. 
2016-02-24T14:21:22.539Z    baf9049b-db01-11e5-bc34-791df91353a9
{
    "errorMessage": "Error getting object {\"originalFilename\":\"c12eaadf3d3b46d9b5ded6c078534c11\",\"versions\":[{\"Size\":1024,\"Crop\":null,\"Max\":false,\"Rotate\":0}]} from bucket xmovo.originalimages.develop. Make sure they exist and your bucket is in the same region as this function."
}
END RequestId: baf9049b-db01-11e5-bc34-791df91353a9 
REPORT RequestId: baf9049b-db01-11e5-bc34-791df91353a9  Duration: 723.44 ms Billed Duration: 800 ms Memory Size: 128 MB Max Memory Used: 34 MB 

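My Lambda function and my S3 bucket are in the same region, "US Standard" and "us-east-1", which are the same.

The IAM permissions for the Lambda function are fine and allow the GetObject action (they were set up by the wizard that creates the Lambda function).

After all these checks, I don't know why I still get the access denied error.

Thanks in advance.

Best answer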

Looking at the log output, I can see that the key variable contains the following string:

{\"originalFilename\":\"c12eaadf3d3b46d9b5ded6c078534c11\",\"versions\":[{\"Size\":1024,\"Crop\":null,\"Max\":false,\"Rotate\":0}]}

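I guess you want that variable to contain the string "c12eaadf3d3b46d9b5ded6c078534c11".

S3 returns a 403 error response if you do not have access or if the key does not exist. Returning "Access Denied" in both cases is a security feature that prevents attackers from discovering which keys actually exist in your bucket.

I think you need to change this line: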

decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));

to this:

decodeURIComponent(event.Records[0].s3.object.key.originalFilename.replace(/\+/g, ' '));
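
The following is an added example, not part of the original question or answer: it decodes and checks the key before any S3 call and classifies the resulting error, including the 403-for-missing-key case described above. The function names and sample records are hypothetical, and it assumes the key field arrives as a JSON string, as the log output suggests.

```javascript
'use strict';

// Decode the object key of one S3 event record as the handler above does.
// Assumption: when the key is a JSON document like the one in the log, the
// real object name is its originalFilename property.
function objectKeyFromRecord(record) {
  const raw = record && record.s3 && record.s3.object && record.s3.object.key;
  if (typeof raw !== 'string' || raw.length === 0) {
    throw new TypeError('event record has no string s3.object.key');
  }
  const decoded = decodeURIComponent(raw.replace(/\+/g, ' '));
  if (decoded[0] === '{') {
    try {
      const doc = JSON.parse(decoded);
      if (typeof doc.originalFilename === 'string' && doc.originalFilename) {
        return doc.originalFilename;
      }
    } catch (e) {
      // Not JSON after all: fall through and treat it as a literal key.
    }
  }
  return decoded;
}

// Classify a GetObject error. Without s3:ListBucket on the bucket, S3 reports
// a missing key as 403 AccessDenied; with it, as 404 NoSuchKey.
function explainGetObjectError(err, callerCanListBucket) {
  if (err.statusCode === 404 || err.code === 'NoSuchKey') {
    return 'missing-key';
  }
  if (err.statusCode === 403 || err.code === 'AccessDenied') {
    return callerCanListBucket
      ? 'permission-denied'
      : 'permission-denied-or-missing-key';
  }
  return 'other';
}

// Constructed sample records (not taken from a real event).
const plainRecord = { s3: { object: { key: 'uploads/my+photo%281%29.jpg' } } };
const jsonRecord = { s3: { object: { key: encodeURIComponent(JSON.stringify({
  originalFilename: 'c12eaadf3d3b46d9b5ded6c078534c11',
  versions: [{ Size: 1024 }]
})) } } };

console.log(objectKeyFromRecord(plainRecord));
console.log(objectKeyFromRecord(jsonRecord));
console.log(explainGetObjectError({ statusCode: 403, code: 'AccessDenied' }, false));
```

Logging the decoded key next to the classification makes a malformed key visible immediately, instead of leaving only the ambiguous "Access Denied".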

Regarding node.js - AWS Lambda function gets access denied when getting an object from an S3 bucket, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/35605622/
