We are trying to automate an S3 workflow by setting up a Lambda function that adds custom tags.
Our Lambda function fails with:
2019-11-04T11:32:40.057Z 41513606-8bdd-4c24-85c4-7773d213fc32 { AccessDenied: Access Denied
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/services/s3.js:585:35)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
message: 'Access Denied',
code: 'AccessDenied',
region: null,
time: 2019-11-04T11:32:40.056Z,
requestId: '8F7360D2A816BF54',
extendedRequestId: 'yGXP21UJARJfGq7uz/Pr8JZiX0flImx3e11PL398cFae+S79rWp5dH7G9m2zmYAVysbFQvBChiI=',
cfId: undefined,
statusCode: 403,
retryable: false,
retryDelay: 25.314823366706207 }
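We also saw a notification in the user interface:
To enable replication of object tags, you must update the IAM policies used for cross-region replication if they were created before object tagging was introduced.
Best answer
We ran into this AccessDenied error.
We had to enable further policies for our IAM role: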
"Action": [
"s3:PutObject",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetObjectTagging",
"s3:PutObjectTagging",
"s3:PutObjectAcl"
],
As you can see, there are specific policies for GetObjectTagging and PutObjectTagging.
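A way to check a role policy for the tagging actions named in the answer before deploying the function, as an added example that is not part of the original question or answer. It is a simplified evaluation that only looks at `Effect` and `Action` (it ignores `Resource`, `Condition` and `NotAction`); the function names, sample policies and bucket name are constructed for illustration.

```javascript
// Added example: simplified check for the S3 tagging actions from the answer.
const REQUIRED_TAGGING_ACTIONS = ["s3:GetObjectTagging", "s3:PutObjectTagging"];

// IAM action patterns are case-insensitive and may use * and ? wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const regex = new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", "i");
  return regex.test(action);
}

// Statement and Action may each be a single value or an array.
const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns the required actions that the policy does not grant.
// An explicit Deny always wins over any Allow.
function missingActions(policy, required = REQUIRED_TAGGING_ACTIONS) {
  const statements = toArray(policy.Statement);
  return required.filter((action) => {
    let allowed = false;
    for (const stmt of statements) {
      const hit = toArray(stmt.Action).some((p) => actionMatches(p, action));
      if (!hit) continue;
      if (stmt.Effect === "Deny") return true; // explicitly denied: report as missing
      if (stmt.Effect === "Allow") allowed = true;
    }
    return !allowed;
  });
}

// Constructed sample policies; "example-bucket" is a placeholder.
const allowStatement = (actions) => ({
  Effect: "Allow",
  Action: actions,
  Resource: "arn:aws:s3:::example-bucket/*",
});
const baseActions = ["s3:PutObject", "s3:GetObjectAcl", "s3:GetObject", "s3:PutObjectAcl"];
const beforeFix = { Version: "2012-10-17", Statement: [allowStatement(baseActions)] };
const afterFix = {
  Version: "2012-10-17",
  Statement: [allowStatement([...baseActions, "s3:GetObjectTagging", "s3:PutObjectTagging"])],
};

console.log("missing before fix:", missingActions(beforeFix));
console.log("missing after fix:", missingActions(afterFix));
```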
Regarding amazon-s3 - Amazon S3 AccessDenied: Access Denied at Request.extractError - tagging objects using events, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58693019/