AWS Lambda — copy object with different name : access denied

0
votes

I am new to aws, I am using CloudWatch Event to copy a file every day, that one is then calling a lambda function. This lambda function is working well, copy the file from one bucket to an other. However, it is exactly the same file name, I tried to add a date at the beginning of the name file but I got an access denied.

Lambda Function working : 

var AWS = require("aws-sdk");

exports.handler = (event, context, callback) => {

    var s3 = new AWS.S3();
    var sourceBucket = "bucket1";
    var destinationBucket = "bucket2";
    var objectKey = "file.csv";
    var copySource = encodeURI(sourceBucket + "/" + objectKey);
    var copyParams = { Bucket: destinationBucket, CopySource: copySource, Key: objectKey };

    s3.copyObject(copyParams, function(err, data) {
        if (err) {
            console.log(err, err.stack);
        } else {
            console.log("S3 object copy successful.");
        }
    });
};

Lambda Role : 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn bucket 1/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn bucket 2/*"
            ]
        }
    ]
}

Error received : 

2017-05-19T08:34:01.059Z    e7962caa-3c6d-11e7-bd30-db47f297ea83    { AccessDenied: Access Denied
    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/services/s3.js:539:35)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:673:14)
    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:675:12)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
  message: 'Access Denied',
  code: 'AccessDenied',
  region: null,

I would like to change the name of the copied file. Moreover I saw that, with cloudwatch event, the file is replaced each time the event is called. Is there a way to create a new file each time and keep all the versions ?

Thank you.

1
amazon-web-servicesaws-lambda
See if enabling version history on the bucket fits your use case. For the error you are facing, can you add the error response to the question?Yeshodhan Kulkarni
thank you, of course, updatedDionysoSong
Any reason it says region null in the error response? Have you configured the s3 client properly? The permissions seem to be good and doesnt look like a permission issue.Yeshodhan Kulkarni
I don't know for the region .. However, I just succeed ! I just made an error in the object key string. ^^ Enabling version history is working ! Thank you a lot.DionysoSong
Cool. Ive added my comments as the answer. Mark as answered when you can.Yeshodhan Kulkarni

1 Answers

0
votes

See if enabling version history on the bucket fits your use case. For the error you are facing, can you add the error response to the question?

Any reason it says region null in the error response? Have you configured the s3 client properly? The permissions seem to be good and doesnt look like a permission issue.