'S3FullAccessPolicy' added to lambda function is not allowing to put object to s3 bucket. #3299
-
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
In my SAM application, I need to add file to s3 bucket . I am doing it with "upload_fileobj" function. I have addded "S3FullAccessPolicy" to this lambda to add permissions. But I see this error [ERROR] ClientError: An error occurred (AccessControlListNotSupported) when calling the PutObject operation: The bucket does not allow ACLs My template file: I also read that adding acl is not recommended in this documentation -'https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-accesscontrol' Is it possible to solve this without adding ACL for s3. |
Beta Was this translation helpful? Give feedback.
-
|
As you can see in the S3FullAccess policy it does have Though you can browse the aforementioned file and find the policy which suits your needs better, I encourage you to use a Connector instead if you're writing to S3 from Lambda function. If it's the case, you'll need a Lambda to S3 connector. You can read more about connectors here. And the list of already existing profiles is here. |
Beta Was this translation helpful? Give feedback.
As you can see in the S3FullAccess policy it does have
Get/PutObjectAclaction items and we keep it there mainly because of the backwards compatibility cases. Using*ObjectAclpermissions is indeed not recommended because of the security concerns.Though you can browse the aforementioned file and find the policy which suits your needs better, I encourage you to use a Connector instead if you're writing to S3 from Lambda function. If it's the case, you'll need a Lambda to S3 connector. You can read more about connectors here. And the list of already existing profiles is here.