Correct me if I'm wrong, but it looks like unless you explicitly set s3:PutObjectAcl, your lambda function cannot create new bucket objects.
It only works if I explicitly add a new policy with s3:PutObjectAcl.
Example:

```yaml
Function:
  Type: AWS::Serverless::Function
  Properties:
    FunctionName: !Ref FunctionName
    AutoPublishAlias: !Ref StageName
    Description: "..."
    Handler: main.handler
    Runtime: nodejs8.10
    MemorySize: 1536 # Mo
    CodeUri: ../dist
    Policies:
      - S3CrudPolicy:
          BucketName: !Ref Bucket
      # This is actually required otherwise I'm unable to create object
      - Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: [ "s3:PutObjectAcl" ]
            Resource:
              - !GetAtt Bucket.Arn
```
If not, I get AccessDenied that I can see in CloudWatch when trying to run my lambda function.
The `S3FullAccessPolicy` includes this. It's broader than the Crud policy.
Thanks, that makes sense!
@lafiosca

> The `S3FullAccessPolicy` includes this. It's broader than the Crud policy.

this is not added in the documentation for SAM templates
@radiumrasheed It looks like it is added here
thanks, weird I didn't see it earlier