Should buckets created by event specification have Read permissions?

joe_n · July 14, 2017, 10:26am

Hey there,

I have set up basic S3 events as per the example:

functions:
  users:
    handler: users.handler
    events:
      - s3:
          bucket: photos
          event: s3:ObjectCreated:*

Events work but is it assumed that the Lambda role should also have List/Get permissions to this bucket?

At the moment I have to manually attach a custom policy to the role to allow the function to download objects from this bucket.

When I tried adding the required bucket policy to the Resources section of serverless.yml I get a Circular Reference error from CF, e.g.

The CloudFormation template is invalid: Circular dependency between resources…

Is there a way to add these permissions without having to manually attach the policy?
_

buggy · July 15, 2017, 5:40am

When you say “manually” are you going into the console after deploying and making the adjustment there?

You could give the function the relevant permissions by setting the iamRoleStatements inside your serverless.yml.

Topic		Replies	Views
Creating an S3 Bucket with Lambda Events Serverless Framework aws , lambda	2	3215	January 15, 2021
S3 Bucket event and lifecycle Serverless Framework aws	2	6877	January 10, 2018
Lambda-function-public-access-prohibited Actions Serverless Framework	1	2328	October 12, 2020
How to let a function access bucket Serverless Framework	3	3720	December 2, 2017
Create s3 events with a lifecycle policy Serverless Framework aws , lambda	1	913	January 18, 2021