I am trying to add tags to objects that are added to S3 under a specific prefix
{
  "Records": [
    .......... JUNK METADATA ..........
      "s3": {
        "s3SchemaVersion": "1.0",
        "configurationId": "#####",
        "bucket": {
          "name": "testlambdatagging",
          "ownerIdentity": {
            "principalId": "#######"
          },
          "arn": "arn:aws:s3:::testlambdatagging"
        },
        "object": {
          "key": "PREFIX/starshipBlack.png",
          "size": 512822,
          "eTag": "#########",
          "sequencer": "#########"
        }
      }
    }
  ]
}
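Ideally, when I add "starshipBlack.png" @ testlambdatagging/PREFIX, the lambda function will be triggered and will add tags to this file.
But the problem is that when the lambda is triggered, I keep getting the following error: An error occurred (AccessDenied) when calling the GetObjectTagging operation: Access Denied
The code fails at s3_cl.get_object_tagging
My code looks like this: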
import boto3
import json
from urllib.parse import unquote_plus

s3_cl = boto3.client('s3')


def lambda_handler(event, context):
    try:
        # Bucket and key of the object that triggered the event
        bucket_name = event["Records"][0]["s3"]["bucket"]["name"]
        # Object keys in S3 event notifications are URL-encoded
        bucket_object = unquote_plus(event["Records"][0]["s3"]["object"]["key"])

        # Read the object's current tags
        object_tags = s3_cl.get_object_tagging(
            Bucket=bucket_name,
            Key=bucket_object,
        )

        new_key = "newKey2"
        new_value = "newValue2"
        new_dict = {'Key': new_key, 'Value': new_value}

        # Append the new tag to the existing tag set
        old_tags = object_tags['TagSet']
        new_tags = old_tags
        new_tags.append(new_dict)

        # Write the combined tag set back to the object
        put_tags_response = s3_cl.put_object_tagging(
            Bucket=bucket_name,
            Key=bucket_object,
            Tagging={
                'TagSet': new_tags
            }
        )
        return
    except Exception as e:
        print(e)
        raise e
My IAM policy for the bucket is:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectTagging",
        "s3:ListBucket",
        "s3:PutObjectTagging",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::testlambdatagging/PREFIX",
        "arn:aws:s3:::testlambdatagging/PREFIX/*"
      ]
    }
  ]
}
Can someone help me understand what I am missing?
I have read multiple solutions that say I need to add "s3:GetObjectTagging" to the IAM policy, which I have added.
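
An added example, not the poster's code: a local check of which requests the Resource patterns in the policy above cover, given that S3 evaluates bucket-level actions against the bucket ARN and object-level actions against the object ARN. It assumes this single Allow statement is the only policy in play (no explicit Deny, bucket policy or other attachment), uses illustrative function names, and makes no AWS calls.

```python
import re

# Policy statement copied from the question above.
POLICY_ACTIONS = [
    "s3:GetObject", "s3:GetObjectTagging", "s3:ListBucket",
    "s3:PutObjectTagging", "s3:GetBucketLocation",
]
POLICY_RESOURCES = [
    "arn:aws:s3:::testlambdatagging/PREFIX",
    "arn:aws:s3:::testlambdatagging/PREFIX/*",
]
# Actions that S3 authorizes against the bucket ARN, not an object ARN.
BUCKET_LEVEL = {"s3:ListBucket", "s3:GetBucketLocation"}


def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, arn) is not None


def request_arn(action, bucket, key):
    """Resource ARN that the given action is checked against."""
    if action in BUCKET_LEVEL:
        return f"arn:aws:s3:::{bucket}"
    return f"arn:aws:s3:::{bucket}/{key}"


def allowed_by_statement(action, bucket, key):
    """True if this one Allow statement covers the action (exact action names only)."""
    if action not in POLICY_ACTIONS:
        return False
    arn = request_arn(action, bucket, key)
    return any(arn_matches(p, arn) for p in POLICY_RESOURCES)


def coverage(bucket, key):
    """Map each action in the statement to whether its Resource list covers it."""
    return {a: allowed_by_statement(a, bucket, key) for a in POLICY_ACTIONS}


if __name__ == "__main__":
    # Bucket and key taken from the event shown in the question.
    for action, ok in coverage("testlambdatagging", "PREFIX/starshipBlack.png").items():
        print(f"{action:24} {'covered' if ok else 'NOT covered'}")
```

For the key in the event, the three object-level actions are covered, while s3:ListBucket and s3:GetBucketLocation are not, because the statement lists only object ARNs and not arn:aws:s3:::testlambdatagging.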