aws lambda function getting access denied when getObject from s3

Question

I am getting an acccess denied error from S3 AWS service on my Lambda function.

This is the code:

// dependencies
var async = require(\'async\');
var         


        

Answer 1

If you have encryption set on your S3 bucket (such as AWS KMS), you may need to make sure the IAM role applied to your Lambda function is added to the list of IAM > Encryption keys > region > key > Key Users for the corresponding key that you used to encrypt your S3 bucket at rest.

In my screenshot, for example, I added the CyclopsApplicationLambdaRole role that I have applied to my Lambda function as a Key User in IAM for the same AWS KMS key that I used to encrypt my S3 bucket. Don't forget to select the correct region for your key when you open up the Encryption keys UI.

Find the execution role you've applied to your Lambda function:

Find the key you used to add encryption to your S3 bucket:

In IAM > Encryption keys, choose your region and click on the key name:

Add the role as a Key User in IAM Encryption keys for the key specified in S3: