【Posted】: 2021-08-25 15:00:30
【Question】:
I store my Lambda zip file in an S3 bucket in account A. In account B, I have my Lambda. I am trying to get my Lambda to use the zip file from the bucket in account A, but I keep getting:
Your access has been denied by S3, please make sure your request credentials have permission to GetObject for bucket/code.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied
I followed the guides I found online, but I am still facing the problem. Here is my current configuration:
Account A's S3 bucket policy:
{
    "Version": "2012-10-17",
    "Id": "ExamplePolicy",
    "Statement": [
        {
            "Sid": "ExampleStmt",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::AccountBID:role/MyLambdaRole"
            },
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::bucket",
                "arn:aws:s3:::bucket/*"
            ]
        }
    ]
}
Account B's Lambda execution role policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::bucket/*",
                "arn:aws:s3:::bucket"
            ]
        }
    ]
}
【Discussion】:
Tags: amazon-web-services amazon-s3 aws-lambda
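
An added example, not part of the original post: a simplified local evaluation of the two policies above for a request on `bucket/code.zip`, showing that the bucket policy grants access only to the exact principal ARN it names, so it is worth checking which principal actually signs the request. It models Allow/Deny matching only (no conditions, SCPs, permission boundaries, object ownership or KMS), and the `deployer` ARN is a hypothetical second caller that does not appear in the post.

```python
from fnmatch import fnmatchcase

# Policies copied from the question (placeholders such as AccountBID kept as posted).
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "ExampleStmt", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::AccountBID:role/MyLambdaRole"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::bucket", "arn:aws:s3:::bucket/*"]}]}
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::bucket/*", "arn:aws:s3:::bucket"]}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def statement_matches(stmt, action, resource, principal=None):
    """True if stmt covers action/resource (and principal, for a bucket policy)."""
    if principal is not None:
        spec = stmt.get("Principal", {})
        arns = ["*"] if spec == "*" else as_list(spec.get("AWS", []))
        if "*" not in arns and principal not in arns:
            return False
    # IAM action names are case-insensitive; resource ARNs are not.
    return (any(fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"])))

def decision(policy, action, resource, principal=None):
    """'Deny' on explicit deny, 'Allow' if any allow matches, else 'ImplicitDeny'."""
    hits = [s["Effect"] for s in policy["Statement"]
            if statement_matches(s, action, resource, principal)]
    if "Deny" in hits:
        return "Deny"
    return "Allow" if "Allow" in hits else "ImplicitDeny"

def cross_account_access(principal, identity_policy, action, resource):
    """Cross-account S3 access needs an Allow on both sides."""
    bucket = decision(BUCKET_POLICY, action, resource, principal)
    identity = decision(identity_policy, action, resource)
    return {"bucket_policy": bucket, "identity_policy": identity,
            "allowed": bucket == "Allow" and identity == "Allow"}

OBJECT = "arn:aws:s3:::bucket/code.zip"
ROLE = "arn:aws:iam::AccountBID:role/MyLambdaRole"
OTHER = "arn:aws:iam::AccountBID:user/deployer"  # hypothetical caller, not in the post

if __name__ == "__main__":
    for who in (ROLE, OTHER):
        print(who, cross_account_access(who, ROLE_POLICY, "s3:GetObject", OBJECT))
```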