AWS Lambda cannot delete Amazon S3 object

I am trying to create an AWS Lambda function that processes a file loaded in the first bucket, then saves it in the second bucket and then deletes the input file.

The problem is that when I try to delete the file I get

 {
   "message": "Access Denied",
   "code": "AccessDenied",
   "time": "2015-02-09T22:08:45.926Z",
   "statusCode": 403,
   "retryable": false,
   "retryDelay": 30
 }

A snippet of the code that is trying to delete the file:

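 // Delete the processed input object; a 403 AccessDenied here means the
 // caller's role is not allowed to perform s3:DeleteObject on this key.
 s3.deleteObject({ Bucket: inputBucket, Key: inputKey }, function(err, data) {
   if (err) {
     console.error("Error on delete");
     console.error(err);
   } else {
     console.log("Deleted successfully");
   }
 });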
+7
3 answers

A possible reason Lambda could not delete the file (S3 object) might be the Lambda execution role.

Steps to resolve this issue

  • Go to IAM in the AWS Management Console
  • Look at the IAM role used (or created) for Lambda (if it is the default, it will be lambda_exec_role)
  • Go to Attach Role Policy → Custom Policy and add the following IAM policy document.

 {
   "Statement": [
     {
       "Sid": "Stmt1423535846414",
       "Action": [ "s3:DeleteObject" ],
       "Effect": "Allow",
       "Resource": "arn:aws:s3:::*"
     }
   ]
 }
+8

I had problems with weird characters and spaces in inputKey. Try with a simple name.

0

Go to IAM → Roles → <assigned-role-name> → Permissions → <policy-name>

Make sure your policy has the following:

 {
   "Statement": [
     {
       "Action": [ "s3:*" ],
       "Resource": [
         "arn:aws:s3:::<my-bucket>",
         "arn:aws:s3:::<my-bucket>/*"
       ],
       "Effect": "Allow"
     }
   ]
 }

Note: arn:aws:s3:::<my-bucket> is for access to my-bucket, and arn:aws:s3:::<my-bucket>/* is for access to all objects in my-bucket. They are similar, but not the same. They must both be present so that Lambda has full access to S3.

Hope this helps

0
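
Added example, not part of the original question or answers: a policy for the execution role scoped to only what the described pipeline needs (read and delete in the input bucket, write in the output bucket), with a simplified allow-check that shows why object actions need the "/*" resource. The bucket names and the helpers buildPolicy, wildcard, isAllowed and objectArn are hypothetical; the check models only Allow statements with "*" and "?" wildcards and ignores Deny, Condition, bucket policies and SCPs.

```javascript
// Hypothetical bucket names (assumptions, not from the original post).
const INPUT_BUCKET = "example-input-bucket";
const OUTPUT_BUCKET = "example-output-bucket";

// Object-level actions (GetObject, PutObject, DeleteObject) are authorized
// against the object ARN "arn:aws:s3:::bucket/key", not the bare bucket ARN.
function buildPolicy(inputBucket, outputBucket) {
  return {
    Version: "2012-10-17",
    Statement: [
      { Effect: "Allow",
        Action: ["s3:GetObject", "s3:DeleteObject"],
        Resource: `arn:aws:s3:::${inputBucket}/*` },
      { Effect: "Allow",
        Action: ["s3:PutObject"],
        Resource: `arn:aws:s3:::${outputBucket}/*` }
    ]
  };
}

// Convert an IAM wildcard pattern (* and ?) into an anchored RegExp.
function wildcard(pattern, caseInsensitive) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${escaped}$`, caseInsensitive ? "i" : "");
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// Simplified model: true if any Allow statement matches both the action
// (case-insensitive) and the resource ARN (case-sensitive).
function isAllowed(policy, action, resourceArn) {
  return asArray(policy.Statement).some((st) =>
    st.Effect === "Allow" &&
    asArray(st.Action).some((a) => wildcard(a, true).test(action)) &&
    asArray(st.Resource).some((r) => wildcard(r, false).test(resourceArn)));
}

function objectArn(bucket, key) {
  return `arn:aws:s3:::${bucket}/${key}`;
}
```

Run against the policies in the answers above, the same check shows that "arn:aws:s3:::*" permits deletes in every bucket in the account, while a statement listing only the bare bucket ARN does not cover DeleteObject on a key.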

Source: https://habr.com/ru/post/1213001/

