Create an S3 Bucket for File Uploads: Lambda to S3 Access Denied


#1

I followed the Basic 1 section and got everything running fine. I wanted to enhance it somewhat for something I’m doing and part of that included reading the file that was uploaded to S3 from within a Lambda function. When I run the function through “serverless invoke local” it works just fine, finds the S3 file and is able to read it. When I deploy the Lambda function through “serverless deploy” and run it, it gives me an “Access denied” trying to read the S3 bucket. I know the full key name is correct. My permissions on the IAM role are the same as in the Basic 1 guide.

Has anybody tried to read those private files in the S3 bucket?
Am I missing something simple?


#2

Disregard. I think I just figured it out. It looks like I had not wild-carded my permissions for the S3 bucket in the YAML iamRoleStatements section:

  iamRoleStatements:
    - Effect: Allow
      Action:
        - s3:getObject
        - s3:putObject
      Resource: "arn:aws:s3::*:*"

#3

Clarifying:

  iamRoleStatements:
    - Effect: Allow
      Action:
        - s3:getObject
        - s3:putObject
      Resource: "arn:aws:s3:::<my-bucket>/*"

#4

Glad you figured it out. Thanks for reporting back.
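
Added example, not part of the original thread: a small Python check of why the bucket/* form in post #3 matters. s3:GetObject is authorized against the object ARN (arn:aws:s3:::bucket/key), so a Resource naming only the bucket grants nothing for reads. The matcher is a simplified model (Allow statements only, no Deny or Condition); the bucket name, key and function names are assumptions.

```python
import re

def iam_glob(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(regex, value, flags) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def allows(statements, action, resource_arn):
    """True if some Allow statement covers both the action and the ARN."""
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive, so s3:getObject == s3:GetObject.
        action_ok = any(iam_glob(a, action, ignore_case=True)
                        for a in as_list(st["Action"]))
        resource_ok = any(iam_glob(r, resource_arn)
                          for r in as_list(st["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

def audit(statements, bucket, key="uploads/example.txt"):
    """Classify the role's ability to read one object in `bucket`."""
    target = f"arn:aws:s3:::{bucket}/{key}"
    probe = f"arn:aws:s3:::not-{bucket}/{key}"  # constructed: a different bucket
    if not allows(statements, "s3:GetObject", target):
        return "denied"
    if allows(statements, "s3:GetObject", probe):
        return "allowed-but-overbroad"
    return "allowed-scoped"

def stmt(resource):
    """Constructed statement mirroring the thread's iamRoleStatements."""
    return [{"Effect": "Allow",
             "Action": ["s3:getObject", "s3:putObject"],
             "Resource": resource}]

if __name__ == "__main__":
    for res in ("arn:aws:s3:::my-bucket",     # bucket ARN only
                "arn:aws:s3:::my-bucket/*",   # objects in one bucket
                "arn:aws:s3:::*"):            # every bucket
        print(f"{res:28} -> {audit(stmt(res), 'my-bucket')}")
```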