I am saving a JSON file to an S3 bucket, and I am using a Lambda function created under the developer IAM user.
Resource policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::355:user/cDeveloper"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::ag-grid/*"
        }
    ]
}
When I run the test, I get:
START RequestId: abb632556 Version: $LATEST
An error occurred (AccessDenied) when calling the PutObject operation: Access Denied: ClientError
Traceback (most recent call last):
File "/var/task/lambda_function.py", line 24, in main
run(event)
File "/var/task/lambda_function.py", line 21, in run
s3.Bucket('ag-grid').put_object(Key='assets/kpi.json', Body='kpi.json')
File "/var/runtime/boto3/resources/factory.py", line 520, in do_action
response = action(self, *args, **kwargs)
File "/var/runtime/boto3/resources/action.py", line 83, in __call__
response = getattr(parent.meta.client, operation_name)(**params)
File "/var/runtime/botocore/client.py", line 314, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/runtime/botocore/client.py", line 612, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
This is my function:
import json
import boto3
import requests

r = requests.get('http://endpoint/', headers=headers).json()
# save to temp folder
with open('kpi.json', 'w') as outfile:
    json.dump(r, outfile)
# upload to S3; this is the call that raises AccessDenied in the traceback
s3 = boto3.resource('s3')
s3.Bucket('ag-grid').put_object(Key='assets/kpi.json', Body='kpi.json')
I tried setting Principal: * and it works, but then it is open to everyone.
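
Added example, not part of the original post: a Lambda function calls S3 as its execution role's assumed-role session (the ARN that `sts.get_caller_identity()` reports inside the function), not as the IAM user who created it, so this sketch compares a policy's Principal with that caller and builds a statement scoped to the role instead of `*`. It checks principals only (no Action, Resource, Condition or Deny evaluation); the role name `kpi-lambda-role` and session name `kpi-function` are hypothetical.

```python
# Constructed sample: role and session names are hypothetical; "355" is the
# account id as it appears (shortened) in the question's policy.
CALLER = "arn:aws:sts::355:assumed-role/kpi-lambda-role/kpi-function"
USER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::355:user/cDeveloper"},
    "Action": "s3:*", "Resource": "arn:aws:s3:::ag-grid/*"}]}

def principals(stmt):
    """Return a statement's AWS principals as a list of strings."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    aws = p.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)

def role_arn_of(caller_arn):
    """Map an assumed-role session ARN to its role ARN (role paths not handled)."""
    parts = caller_arn.split(":", 5)
    if parts[2] == "sts" and parts[5].startswith("assumed-role/"):
        return f"arn:aws:iam::{parts[4]}:role/{parts[5].split('/')[1]}"
    return caller_arn

def check(policy, caller_arn):
    """Label each Allow statement 'public', 'match' or 'no-match' for the caller."""
    wanted = {caller_arn, role_arn_of(caller_arn)}
    stmts = policy["Statement"]
    labels = []
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        ps = set(principals(stmt))
        labels.append("public" if "*" in ps else "match" if wanted & ps else "no-match")
    return labels

def scoped_policy(bucket, caller_arn):
    """Build a policy naming the function's role and allowing only s3:PutObject."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": role_arn_of(caller_arn)},
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/*"}]}

if __name__ == "__main__":
    print(check(USER_POLICY, CALLER))
    print(check(scoped_policy("ag-grid", CALLER), CALLER))
```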