AWS Lambda function getting access denied when getObject from S3

离开以前 2020-12-08 06:44

I am getting an access denied error from the AWS S3 service in my Lambda function.

This is the code:

// dependencies
var async = require('async');
var         


        
12 Answers
  •  感情败类
    2020-12-08 07:00

    I ran into this issue and after hours of IAM policy madness, the solution was to:

    1. Go to S3 console
    2. Click bucket you are interested in.
    3. Click 'Properties'
    4. Unfold 'Permissions'
    5. Click 'Add more permissions'
    6. Choose 'Any Authenticated AWS User' from dropdown. Select 'Upload/Delete' and 'List' (or whatever you need for your lambda).
    7. Click 'Save'

    Done. Your carefully written IAM role policies don't matter, neither do specific bucket policies (I've written those too to make it work). Or they just don't work on my account, who knows.

    [EDIT]

    After a lot of tinkering the above approach is not the best. Try this:

    1. Keep your role policy as in the helloV post.
    2. Go to S3. Select your bucket. Click Permissions. Click Bucket Policy.
    3. Try something like this:
    {
        "Version": "2012-10-17",
        "Id": "Lambda access bucket policy",
        "Statement": [
            {
                "Sid": "All on objects in bucket lambda",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::AWSACCOUNTID:root"
                },
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::BUCKET-NAME/*"
            },
            {
                "Sid": "All on bucket by lambda",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::AWSACCOUNTID:root"
                },
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::BUCKET-NAME"
            }
        ]
    }
    

    Worked for me and does not require you to share with all authenticated AWS users (which most of the time is not ideal).
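
Added example, not part of the answer above: a small Node.js audit that reports where a bucket policy grants to a whole account or uses wildcard actions, run over the policy as posted and over a narrower variant. The narrower variant, the `LAMBDA-ROLE-NAME` placeholder and the finding names are assumptions made for this illustration.

```javascript
'use strict';
// Constructed input: the bucket policy from the answer above, placeholders kept.
const answerPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'All on objects in bucket lambda', Effect: 'Allow',
      Principal: { AWS: 'arn:aws:iam::AWSACCOUNTID:root' },
      Action: 's3:*', Resource: 'arn:aws:s3:::BUCKET-NAME/*' },
    { Sid: 'All on bucket by lambda', Effect: 'Allow',
      Principal: { AWS: 'arn:aws:iam::AWSACCOUNTID:root' },
      Action: 's3:*', Resource: 'arn:aws:s3:::BUCKET-NAME' }
  ]
};

// Assumed narrower variant: one execution role, read-only (LAMBDA-ROLE-NAME is a placeholder).
const narrowedPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Sid: 'LambdaReadObjects', Effect: 'Allow',
      Principal: { AWS: 'arn:aws:iam::AWSACCOUNTID:role/LAMBDA-ROLE-NAME' },
      Action: ['s3:GetObject'], Resource: 'arn:aws:s3:::BUCKET-NAME/*' }
  ]
};

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Return one finding per broad principal or wildcard action in Allow statements.
function auditBucketPolicy(policy) {
  const findings = [];
  for (const stmt of asList(policy.Statement)) {
    if (stmt.Effect !== 'Allow') continue;
    // Principal may be the string "*" or an object such as { AWS: [...] }.
    const principals = stmt.Principal === '*' ? ['*'] : asList((stmt.Principal || {}).AWS);
    for (const p of principals) {
      if (p === '*') {
        findings.push({ sid: stmt.Sid, issue: 'any-principal', value: p });
      } else if (/^arn:aws:iam::[^:]+:root$/.test(p) || /^\d{12}$/.test(p)) {
        // Account root (or a bare account ID) delegates to the whole account, not one role.
        findings.push({ sid: stmt.Sid, issue: 'whole-account-principal', value: p });
      }
    }
    for (const a of asList(stmt.Action)) {
      if (a.includes('*')) findings.push({ sid: stmt.Sid, issue: 'wildcard-action', value: a });
    }
  }
  return findings;
}

console.log(auditBucketPolicy(answerPolicy), auditBucketPolicy(narrowedPolicy));
```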
