Acceso denegado en la función aws lambda cuando getObject del cubo S3
Estoy usando el código predeterminado para una función lambda:
console.log('Loading function');
var aws = require('aws-sdk');
var s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = function(event, context) {
//console.log('Received event:', JSON.stringify(event, null, 2));
// Get the object from the event and show its content type
var bucket = event.Records[0].s3.bucket.name;
var key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
var params = {
Bucket: bucket,
Key: key
};
s3.getObject(params, function(err, data) {
if (err) {
console.log(err);
var message = "Error getting object " + key + " from bucket " + bucket +
". Make sure they exist and your bucket is in the same region as this function.";
console.log(message);
context.fail(message);
} else {
console.log('CONTENT TYPE:', data.ContentType);
context.succeed(data.ContentType);
}
});
};
Sin embargo, obtengo un error de acceso denegado:
2016-02-24T14:21:21.503Z kvyo1midvc2r69gm Loading function
START RequestId: baf9049b-db01-11e5-bc34-791df91353a9 Version: $LATEST
2016-02-24T14:21:22.500Z baf9049b-db01-11e5-bc34-791df91353a9 { [AccessDenied: Access Denied] message: 'Access Denied', code: 'AccessDenied', region: null, time: Wed Feb 24 2016 14:21:22 GMT+0000 (UTC), requestId: '215CD9BB4094E209', extendedRequestId: '0kDBEyMiJYbMApEqJuAtKct2SKLI7Z7tCBVyW6QJsYwMHROvtCEDynbGSsBdqbwFcX+YrSlGnsg=', statusCode: 403, retryable: false, retryDelay: 30 }
2016-02-24T14:21:22.539Z baf9049b-db01-11e5-bc34-791df91353a9 Error getting object {"originalFilename":"c12eaadf3d3b46d9b5ded6c078534c11","versions":[{"Size":1024,"Crop":null,"Max":false,"Rotate":0}]} from bucket xmovo.originalimages.develop. Make sure they exist and your bucket is in the same region as this function.
2016-02-24T14:21:22.539Z baf9049b-db01-11e5-bc34-791df91353a9
{
"errorMessage": "Error getting object {\"originalFilename\":\"c12eaadf3d3b46d9b5ded6c078534c11\",\"versions\":[{\"Size\":1024,\"Crop\":null,\"Max\":false,\"Rotate\":0}]} from bucket xmovo.originalimages.develop. Make sure they exist and your bucket is in the same region as this function."
}
END RequestId: baf9049b-db01-11e5-bc34-791df91353a9
REPORT RequestId: baf9049b-db01-11e5-bc34-791df91353a9 Duration: 723.44 ms Billed Duration: 800 ms Memory Size: 128 MB Max Memory Used: ,34 MB
Mi función lambda y mi bucket S3 están en la misma región 'US Standart' y 'us-east-1', que son las mismas
Los permisos de IAM están bien para la función lambda, lo que permite GetObject Action (se configura con el asistente que crea la función lambda)
con toda esa verificación, no tengo idea de por qué sigo recibiendo el error de acceso denegado
Gracias por adelantado