I'm having problems testing my Lambda function in AWS, which just wants to create a thumbnail every time you upload some image to a bucket, then put it in another bucket as a thumbnail (official tutorial: https://docs.aws.amazon.com/lambda/latest/dg/with-s3-tutorial.html#with-s3-example-prereqs), and I see something weird in my policy, for example:
Context:
- I have tried running with root user and IAM user with Admin role and S3 all access role.
- I tried making the buckets public already (not good practices here).
This is the exact error:
    [ERROR] ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden
    Traceback (most recent call last):
      File "/var/task/lambda_function.py", line 31, in lambda_handler
        s3_client.download_file(bucket, key, download_path)
      File "/var/task/boto3/s3/inject.py", line 192, in download_file
        return transfer.download_file(
      File "/var/task/boto3/s3/transfer.py", line 405, in download_file
        future.result()
      File "/var/task/s3transfer/futures.py", line 103, in result
        return self._coordinator.result()
      File "/var/task/s3transfer/futures.py", line 266, in result
        raise self._exception
      File "/var/task/s3transfer/tasks.py", line 269, in _main
        self._submit(transfer_future=transfer_future, **kwargs)
      File "/var/task/s3transfer/download.py", line 354, in _submit
        response = client.head_object(
      File "/var/task/botocore/client.py", line 565, in _api_call
        return self._make_api_call(operation_name, kwargs)
      File "/var/task/botocore/client.py", line 1021, in _make_api_call
        raise error_class(parsed_response, operation_name)
This is my policy:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "logs:PutLogEvents",
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream"
                ],
                "Resource": "arn:aws:logs:*:*:*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject"
                ],
                "Resource": "arn:aws:s3:::thumb-origin-bucket"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject"
                ],
                "Resource": "arn:aws:s3:::thumb-destination-bucket"
            }
        ]
    }
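
An added example, not part of the original post: a Python check run over the S3 statements of the policy above. It relies on the fact that `s3:GetObject` and `s3:PutObject` are authorized against object ARNs (`arn:aws:s3:::bucket/key`), so a `Resource` that is only the bucket ARN does not cover them; the function names and the action subset are choices made for this example.

```python
import json
from fnmatch import fnmatchcase

S3_PREFIX = "arn:aws:s3:::"
# Subset of S3 actions that are authorized against object ARNs (bucket/key).
OBJECT_ACTIONS = ("s3:GetObject", "s3:PutObject", "s3:DeleteObject")

def _as_list(value):
    # IAM accepts a single string or dict where a list is also allowed.
    return [value] if isinstance(value, (str, dict)) else list(value)

def can_match_object(resource):
    """True if an S3 resource pattern can match some bucket/key ARN."""
    rest = resource[len(S3_PREFIX):]
    return "/" in rest or "*" in rest or "?" in rest

def bucket_only_grants(policy):
    """Return (action, resource) pairs from Allow statements where an
    object-level action is granted on a resource that is only a bucket ARN."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            # Action names are case-insensitive and may contain wildcards.
            if not any(fnmatchcase(a.lower(), pattern.lower()) for a in OBJECT_ACTIONS):
                continue
            for res in _as_list(stmt.get("Resource", [])):
                if res.startswith(S3_PREFIX) and not can_match_object(res):
                    findings.append((pattern, res))
    return findings

# The two S3 statements from the policy in the post.
POSTED = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject"],
   "Resource": "arn:aws:s3:::thumb-origin-bucket"},
  {"Effect": "Allow", "Action": ["s3:PutObject"],
   "Resource": "arn:aws:s3:::thumb-destination-bucket"}]}
""")

# Constructed variant for comparison: same statements with object ARNs.
OBJECT_SCOPED = json.loads(json.dumps(POSTED).replace('bucket"', 'bucket/*"'))

if __name__ == "__main__":
    for action, res in bucket_only_grants(POSTED):
        print(f"{action} on {res}: matches no object; use {res}/*")
    print("object-scoped variant findings:", bucket_only_grants(OBJECT_SCOPED))
```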
