0
votes

I have written an AWS Lambda function using the Boto3 library to copy an object from one folder to another in an S3 bucket. Locally the logic is working fine, but after deploying to Lambda, I am getting a permission error.

S3 functions I am using in my code:

  1. boto3.resource() - to get the s3 object
  2. s3.Object() - to get the file stored in s3
  3. .get()['Body'].read() - to read content of file stored
  4. .copy(copy_source, destination_key) - to copy data from one folder to another in same S3 bucket

IAM granted permissions to lambda:

  1. "s3:PutObject"
  2. "s3:GetObject"
  3. "s3:ListBucket"

But still no luck. Can someone please tell me what other permissions I need to grant to Lambda to access S3 for my purpose? PS: I tried looking into the list of IAM actions but was not able to find the missing one.

1
Have you checked with full s3 permissions, just to verify that the issue is only due to S3 permissions? - Marcin
Yeah. I tried using * and it seems to be working. The problem is I don't want to grant all the permissions to Lambda, as that job is to trigger new content to my live users. @Marcin - Ankur Mishra
If * works, then when you're running the Lambda, what error is returned? Typically it tells you what IAM permission it requires when access is defined. - pkarfs
Exactly my point, that's the strange thing. I am using CloudWatch to get the logs, but in my case nothing is getting printed in the logs. Otherwise it would have made it so much easier to fix. - Ankur Mishra
All I am getting in my log is the request but no response or error, and then the timeout log is getting printed. - Ankur Mishra

1 Answer

3
votes

Your Lambda function's timeout is too low for the duration of the S3 calls you are making.

Also, there's typically no need to download an S3 object if all you want to do is copy it from S3 to S3. You are downloading the object and that is adding to your timeout woes. Simply use the client-level copy_object function.
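The server-side copy recommended in the answer, paired with a policy that scopes the three actions listed in the question to the source and destination prefixes. This is an added example, not code from the original post or answer; the event fields, prefixes and timeout values are assumptions.

```python
def scoped_copy_policy(bucket, src_prefix, dst_prefix):
    """IAM policy for a same-bucket copy: read the source prefix, write the destination prefix."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # CopyObject needs GetObject on the source key and PutObject on the destination key.
            {"Effect": "Allow", "Action": "s3:GetObject",
             "Resource": f"{arn}/{src_prefix}*"},
            {"Effect": "Allow", "Action": "s3:PutObject",
             "Resource": f"{arn}/{dst_prefix}*"},
            # ListBucket is a bucket-level action: it takes the bucket ARN, not an object ARN.
            {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": arn,
             "Condition": {"StringLike": {"s3:prefix": [f"{src_prefix}*", f"{dst_prefix}*"]}}},
        ],
    }

def copy_within_bucket(s3_client, bucket, src_key, dst_key):
    """Server-side copy via CopyObject; the object body never passes through Lambda."""
    try:
        s3_client.copy_object(
            Bucket=bucket, Key=dst_key,
            CopySource={"Bucket": bucket, "Key": src_key},
        )
        return {"ok": True, "error": None}
    except Exception as exc:  # botocore's ClientError carries .response["Error"]["Code"]
        resp = getattr(exc, "response", None) or {}
        code = resp.get("Error", {}).get("Code", type(exc).__name__)
        print(f"copy {src_key} -> {dst_key} failed: {code}")  # stdout goes to CloudWatch Logs
        return {"ok": False, "error": code}

def lambda_handler(event, context):
    # Imported here so the helpers above can be exercised without boto3 installed.
    import boto3
    from botocore.config import Config
    # Assumed values: short client timeouts and few retries, so a stalled S3 call
    # raises (and is logged) before the function's own timeout ends the invocation.
    cfg = Config(connect_timeout=3, read_timeout=10, retries={"max_attempts": 2})
    client = boto3.client("s3", config=cfg)
    # event["bucket"], event["src_key"], event["dst_key"] are hypothetical field names.
    return copy_within_bucket(client, event["bucket"], event["src_key"], event["dst_key"])
```

The Lambda timeout must be set longer than the client timeouts multiplied by the retry attempts for the error path to be reached.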