Uts*_*sab 1 amazon-s3 go amazon-web-services aws-lambda terraform
我正在使用 S3 上传管理器将大文件上传到 S3。
if _, err := uploader.UploadWithContext(ctx, &s3manager.UploadInput{
Bucket: aws.String(s.Config.GetS3ExportBucket()),
Key: aws.String(key),
Body: bytes.NewReader(buf.Bytes()),
ContentEncoding: aws.String("gzip"),
ContentType: aws.String("application/json"),
}); err != nil {
return fmt.Errorf("failed to upload file, %w", err)
}
根据此AWS 文档,我也向我的 lambda 提供了权限。
#Created Policy for IAM Role
resource "aws_iam_policy" "s3_write_policy" {
name = "${local.namespace}-s3-write-access"
description = "Allow Lambda to access s3 where back will be written"
policy = data.aws_iam_policy_document.s3_write_policy.json
}
data "aws_iam_policy_document" "s3_write_policy" {
statement {
sid = "WriteObjectActions"
effect = "Allow"
actions = [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject",]
resources = [
aws_s3_bucket.db_export.arn]
}
}
但是,我不断收到来自 S3 的访问被拒绝错误。
您不仅需要提供对存储桶的访问权限,还需要提供对存储桶内所有对象的访问权限。
试试这个政策
data "aws_iam_policy_document" "s3_write_policy" {
statement {
sid = "WriteObjectActions"
effect = "Allow"
actions = [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject",]
resources = [
aws_s3_bucket.db_export.arn,
"${aws_s3_bucket.db_export.arn}/*"]
}
}
| 归档时间: |
|
| 查看次数: |
1410 次 |
| 最近记录: |