继 my original post 上我收到的巨大帮助之后
将文件上传到 s3 存储桶,触发 lambda,该 lambda 发送一封电子邮件,其中包含上传到 s3 存储桶的文件信息
我之前已经测试过发送电子邮件,所以我知道这是可行的,但是当我尝试包含上传的数据时,它会引发错误
Could not fetch object data: { AccessDenied: Access Denied
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/services/s3.js:577:35)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
我在网上发现了很多与此相关的关于 Angular 色等策略的问题。因此,我将 lambda 添加到 s3 事件,并向 Angular 色添加 s3 权限,例如。
https://stackoverflow.com/questions/35589641/aws-lambda-function-getting-access-denied-when-getobject-from-s3
不幸的是,这些都没有帮助。然而我注意到一条评论
Then the best solution is to allow S3FullAccess, see if it works. If it does, then remove one set of access at a time from the policy and find the least privileges required for your Lambda to work. If it does not work even after giving S3FullAccess, then the problem is elsewhere
那么我该如何找到问题所在呢?
谢谢Y
'use strict';
console.log('Loading function');
var aws = require('aws-sdk');
var ses = new aws.SES({
region: 'us-west-2'
});
//var fileType = require('file-type');
console.log('Loading function2');
var s3 = new aws.S3({ apiVersion: '2006-03-01', accessKeyId: process.env.ACCESS_KEY, secretAccessKey: process.env.SECRET_KEY, region: process.env.LAMBDA_REGION });
console.log('Loading function3');
//var textt = "";
exports.handler = function(event, context) {
console.log("Incoming: ", event);
// textt = event.Records[0].s3.object.key;
// var output = querystring.parse(event);
//var testData = null;
// Get the object from the event and show its content type
// const bucket = event.Records[0].s3.bucket.name;
// const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: 'bucket',
Key: 'key',
};
s3.getObject(params, function(err, objectData) {
if (err) {
console.log('Could not fetch object data: ', err);
} else {
console.log('Data was successfully fetched from object');
var eParams = {
Destination: {
ToAddresses: ["fake@fake.com"]
},
Message: {
Body: {
Text: {
Data: objectData
// Data: textt
}
},
Subject: {
Data: "Email Subject!!!"
}
},
Source: "fake@fake.com"
};
console.log('===SENDING EMAIL===');
var email = ses.sendEmail(eParams, function(err, emailResult) {
if (err) console.log('Error while sending email', err);
else {
console.log("===EMAIL SENT===");
//console.log(objectData);
console.log("EMAIL CODE END");
console.log('EMAIL: ', emailResult);
context.succeed(event);
}
});
}
});
};
更新 我已经在代码中添加了注释并检查了日志...它没有超出这一行
var s3 = new aws.S3({ apiVersion: '2006-03-01', accessKeyId: process.env.ACCESS_KEY, secretAccessKey: process.env.SECRET_KEY, region: process.env.LAMBDA_REGION });
这是否与拒绝访问有关?
注意:上传文件的文件名中包含我想要的内容
更新2
iv 将导致问题的行替换为 var s3 = new aws.S3().getObject({ Bucket: this.awsBucketName, Key: 'keyName' }, function(err, data)
{
如果(!错误)
console.log(data.Body.toString());
});
但这会触发 TypeError: s3.getObject is not a function
也尝试过...var s3 = new aws.S3();
这又回到了原来的错误Could not fetch object data: { AccessDenied: Access Denied
最佳答案
首先,区域应该是 S3 存储桶区域,而不是 lambda 区域。接下来,您需要验证您的凭据以及他们是否有权访问您定义的 S3 存储桶。正如您在评论之一中所述,尝试将 S3 完全访问 Amazon 托管策略附加到您的 IAM 用户,该用户与您在 Lambda 中使用的凭证关联。下一步是使用 aws cli 来查看是否可以访问此存储桶。也许类似 -
aws s3 ls
如上所述,您根本不应该使用凭据。由于 Lambda 和 S3 是亚马逊服务,您应该使用 Angular 色。只需为 Lambda 提供一个 Angular 色,使其能够完全访问 S3,并且不要为此使用 aws IAM 凭证。并且
var s3 = new AWS.S3();
就足够了。
关于javascript - 尝试访问上传到 s3 存储桶的文件时,lambda 中的访问被拒绝,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47686447/