I am copying a file from an S3 bucket in one AWS account to an S3 bucket in another account. The required roles/policies for this task were created by the IAM team, which is out of my scope. This Lambda is going to run in the destination account and it has to copy the object from the source bucket.
While running the Lambda, I get the error below:
ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden
I was wondering if there is something to be fixed in my code, or is it just a permission issue?
Here is my Lambda:
```python
import boto3

ID_list = ['123456789101']


def lambda_handler(event, context):
    for entry in ID_list:
        sts_client = boto3.client('sts')
        assumed_role_object = sts_client.assume_role(
            RoleArn="arn:aws:iam::" + entry[0] + ":role/requiredrole",
            RoleSessionName="SampleSession"
        )
        credentials = assumed_role_object['Credentials']
        s3_resource = boto3.resource(
            's3',
            aws_access_key_id=credentials['AccessKeyId'],
            aws_secret_access_key=credentials['SecretAccessKey'],
            aws_session_token=credentials['SessionToken'],
        )
        ## performing copy from one bucket to other
        s3 = boto3.resource('s3')
        source = {'Bucket': 'my-bucket' + entry[0], 'Key': 'test.csv'}  ## source bucket, file details
        dest_bucket = s3.Bucket('dest-bucket')  # bucket in destination account
        dest_bucket.copy(source, 'test1.csv')
```
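
Added example, not part of the original post: in the code above the copy runs on a second `boto3.resource('s3')` that carries the Lambda's own role, so the assumed-role credentials are never used for the HeadObject, and `entry[0]` is only the first character of the account ID string. The sketch below reads the object with the assumed role and writes it with the Lambda's role. It assumes `requiredrole` can read the source object and the Lambda's execution role can write to `dest-bucket`; `role_arn` and `copy_object` are hypothetical helper names.

```python
import re

ID_LIST = ["123456789101"]  # sample account ID, as in the post


def role_arn(account_id, role_name="requiredrole"):
    """Build the role ARN from the whole 12-digit account ID."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError(f"not a 12-digit AWS account ID: {account_id!r}")
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def copy_object(source_s3, dest_s3, account_id):
    """Read with the source-account client, write with the destination one."""
    src_bucket, src_key = "my-bucket" + account_id, "test.csv"
    # Read with the assumed role. If this raises a 403, the role itself lacks
    # s3:GetObject on the object (or the bucket policy / KMS key denies it).
    body = source_s3.get_object(Bucket=src_bucket, Key=src_key)["Body"]
    # Streamed upload with the Lambda's own role (assumed to have s3:PutObject).
    dest_s3.upload_fileobj(body, "dest-bucket", "test1.csv")
    return f"s3://{src_bucket}/{src_key} -> s3://dest-bucket/test1.csv"


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above load without the SDK

    sts = boto3.client("sts")
    dest_s3 = boto3.client("s3")  # Lambda execution role, destination account
    copied = []
    for account_id in ID_LIST:
        creds = sts.assume_role(
            RoleArn=role_arn(account_id), RoleSessionName="SampleSession"
        )["Credentials"]
        source_s3 = boto3.client(  # assumed role in the source account
            "s3",
            aws_access_key_id=creds["AccessKeyId"],
            aws_secret_access_key=creds["SecretAccessKey"],
            aws_session_token=creds["SessionToken"],
        )
        copied.append(copy_object(source_s3, dest_s3, account_id))
    return copied
```

Keeping the managed `Bucket.copy()` instead requires one principal that can both read the source object and write to the destination bucket, because the server-side copy request is made with a single set of credentials.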