I’ve granted permission for all s3 actions but I still cannot copy the object. I can action other events such as ListObjects and GetObject with lambdas but not copy. I’m sure it’s a permission error. Please can someone help me figure out why?
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:*
- s3:*
- s3:PutObject
- s3:PutObjectAcl
- s3:PutObjectTagging
- sns:*
Resource:
- arn:aws:s3:::${self:custom.UploadSignalBucket.name}/*
- arn:aws:dynamodb:#{AWS::Region}:#{AWS::AccountId}:table/SignalTable
- arn:aws:dynamodb:#{AWS::Region}:#{AWS::AccountId}:table/HistoricalSignalTable
- arn:aws:dynamodb:#{AWS::Region}:#{AWS::AccountId}:table/TaskScheduleTable
- !Join ['/', [ '${self:custom.SignalTable.arn}', 'index', 'launchScanStatus' ]]
- !Join ['/', [ '${self:custom.TaskScheduleTable.arn}', 'index', 'TaskStatus' ]]
- arn:aws:s3:::${self:custom.SignalBucket.name}/*
- arn:aws:sns:eu-west-1:616275124992:icp-enrichmentTopic
- arn:aws:sns:eu-west-1:616275124992:icp-reIndex-topic
- arn:aws:sns:eu-west-1:616275124992:icp-job-index
resources:
Resources:
SignalTable: ${file(resources/SignalTable.yml):SignalTable}
HistoricalSignalTable: ${file(resources/HistoricalSignalTable.yml):HistoricalSignalTable}
SignalBucket: ${file(resources/SignalBucket.yml):SignalBucket}
UploadSignalBucket: ${file(resources/UploadSignalBucket.yml):UploadSignalBucket}
TaskScheduleTable: ${file(resources/TaskScheduleTable.yml):TaskScheduleTable}
s3 Resource:
UploadSignalBucket:
Type: AWS::S3::Bucket
Properties:
# Set the CORS policy
CorsConfiguration:
CorsRules:
-
AllowedOrigins:
- '*'
AllowedHeaders:
- '*'
AllowedMethods:
- GET
- PUT
- POST
- DELETE
- HEAD
MaxAge: 3000
Outputs:
UploadSignalBucketName:
Value:
Ref: UploadSignalBucket
My error message: