Access denied on aws lambda function when getObject from S3 bucket

Question

I\'m using the default code for a lambda function:

console.log(\'Loading function\');

var aws = require(\'aws-sdk\');
var s3 = new aws.S3({ apiVersion: \'20         


        

Answer 1

Check the IAM permissions of the role you want to use, maybe there are deny permissions above allow permissions.

Answer 2

Looking at your log output, I can see that the key variable contains the following string:

{\"originalFilename\":\"c12eaadf3d3b46d9b5ded6c078534c11\",\"versions\":[{\"Size\":1024,\"Crop\":null,\"Max\":false,\"Rotate\":0}]}

I'm guessing you intended that variable to contain the string "c12eaadf3d3b46d9b5ded6c078534c11".

S3 will return a 403 error response if you don't have access, or if the key doesn't exist. Returning "access denied" in both cases is a security feature to prevent attackers from finding out what keys actually exist in your bucket.

I think you need to change this line:

decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));

to something like this:

decodeURIComponent(event.Records[0].s3.object.key.originalFilename.replace(/\+/g, ' '));