amazon-web-services - AWS Lambda : An error occurred (403) when calling the HeadObject operation: Forbidden

Question

我有一个 lambda 函数进行 s3 HeadObject 调用。尽管已经为此 lambda 函数制定了自定义策略，但每当进行此 HeadObject 调用时，我都会收到 403 错误。具体有;

An error occurred (403) when calling the HeadObject operation: Forbidden

我的政策非常明确地允许 GetObject 调用有问题的存储桶。不确定是什么问题。我已经三重检查它是否全部对齐。有问题的行是:

    s3 = boto3.client('s3')
    local_file_path = '/tmp/' + key_name.split('/')[-1] + '_REMOTE.json'
    response = s3.head_object(Bucket=environ['OUTPUT_BUCKET'], Key=OUTPUT_FILE_NAME)

让我知道我是否可以提供更多信息以提供帮助

Answer 1

既然你说文件丢失了它的预期行为，如果你丢失了 s3:ListBucket权限

You need the s3:GetObject permission for this operation. For more information, go to Specifying Permissions in a Policy in the Amazon Simple Storage Service Developer Guide. If the object you request does not exist, the error Amazon S3 returns depends on whether you also have the s3:ListBucket permission.

If you have the s3:ListBucket permission on the bucket, Amazon S3 will return a HTTP status code 404 ("no such key") error.

If you don’t have the s3:ListBucket permission, Amazon S3 will return a HTTP status code 403 ("access denied") error.

链接到 doco

执行 HEAD 还有一个“不同”的最终一致性行为。 之前 上传对象

Amazon S3 Data Consistency Model Amazon S3 provides read-after-write consistency for PUTS of new objects in your S3 bucket in all regions with one caveat. The caveat is that if you make a HEAD or GET request to the key name (to find if the object exists) before creating the object, Amazon S3 provides eventual consistency for read-after-write.