Can't list S3 buckets despite having FullAccess?

lambdaanatexis · October 18, 2018, 12:40pm

I’m creating a Lambda that iterates over all S3 buckets and has the line:
for bucket in s3.buckets.all():

When I try to test it I get:
“An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied”

I’m in a group that has the AmazonS3FullAccess policy:
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “s3:",
“Resource”: "”
}
Why can I not even list the buckets?

Edit: after some Googling I created another policy with:
“Resource”: ["", "arn:aws:s3:::/*"]
and attached it to a group I’m in and I still get the same response. WTF Amazon?

bfieber · October 18, 2018, 2:37pm

You may have authority to call it, but does your Lambda?

Ensure that you grant permissions to the Lambda function by including it in your serverless.yml under provider.iamRoleStatements.
example:

provider:
  name: aws
  stage: dev
  iamRoleStatements:
    - Effect: Allow
      Action:
        - s3:ListBuckets
      Resource: 
        - arn:aws:s3:::*

Hope that helps.

lambdaanatexis · October 19, 2018, 8:51am

This was to be used by AWS Config (RDK) service which I’m told creates the necessary policies so making the change you suggested shouldn’t be neceaary so I got around it like that.

Topic		Replies	Views
Accessing S3 Bucket from Lambda Access Denied Serverless Framework lambda	1	10245	June 18, 2018
How to let a function access bucket Serverless Framework	3	3618	December 2, 2017
How to harden S3? Serverless Framework	0	374	March 9, 2020
How to grant access to AWS resources Serverless Framework	2	571	March 11, 2020
Serverless AWS credentials issue Node.js Serverless Framework aws	2	1569	March 5, 2018

Can't list S3 buckets despite having FullAccess?

Related Topics