Hello @thibmaek,
I was having the same exact issue trying to upload a file to S3 using the AWS Node.js SDK, and the privilege I was missing turned out to be s3:PutObjectTagging. How did I find this out? I manually modified the Lambda’s role in IAM to provide full access to S3, like so:
```json
{
  "Action": [
    "s3:*"
  ],
  "Resource": "arn:aws:s3:::MY-BUCKET/*",
  "Effect": "Allow"
}
```
Then the upload started working. This allowed me to narrow down the issue. It was definitely a missing permission. Then I read the AWS documentation at https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectTagging.html, and noticed that my upload request in my Node.js app is trying to add tagging during upload. Below are the parameters I pass to the aws-sdk.S3 client:
```javascript
const uploadParams = {
  Bucket: chunk.bucketName,
  Key: chunk.filePath,
  // Tagging on upload is what requires s3:PutObjectTagging
  Tagging: 'created_by=Missing-Image-Delivery-Pipeline',
  Body: passThrough
};
```
After I found my root cause, and in order to adhere to the least privilege principle, I changed the Lambda’s role policy to:
```json
{
  "Action": [
    "s3:GetObject",
    "s3:PutObject",
    "s3:PutObjectTagging"
  ],
  "Resource": "arn:aws:s3:::MY-BUCKET/*",
  "Effect": "Allow"
}
```
So now I’m a happier camper. Hope this helps you narrow down your problem if you haven’t already, good luck.
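
The check the post above arrives at by widening the policy can also be done offline. This is an added example, not code from the original post or from the AWS SDK: it derives the S3 actions an upload needs from its parameters and reports which ones a policy's Allow statements do not cover. The function names, the sample key and the "before" policy are constructed, and the mapping covers only `Tagging` and `ACL`.

```javascript
// Upload parameters that need an IAM action beyond s3:PutObject.
// Assumption: only Tagging and ACL are modelled here.
const EXTRA_ACTIONS = { Tagging: 's3:PutObjectTagging', ACL: 's3:PutObjectAcl' };

// IAM-style wildcard match: '*' is any run of characters, '?' exactly one.
function wildcardMatch(pattern, value, caseInsensitive) {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp(`^${body}$`, caseInsensitive ? 'i' : '').test(value);
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// Actions an upload call needs, derived from which parameters are set.
function requiredActions(uploadParams) {
  const actions = ['s3:PutObject'];
  for (const [param, action] of Object.entries(EXTRA_ACTIONS)) {
    if (uploadParams[param] !== undefined) actions.push(action);
  }
  return actions;
}

// True if some Allow statement covers the action on the resource.
// Explicit Deny, NotAction and Condition blocks are not modelled.
function isAllowed(statements, action, resourceArn) {
  return statements.some((s) =>
    s.Effect === 'Allow' &&
    asArray(s.Action).some((a) => wildcardMatch(a, action, true)) &&
    asArray(s.Resource).some((r) => wildcardMatch(r, resourceArn, false)));
}

// Required actions that the policy statements do not grant for this object.
function missingActions(statements, uploadParams) {
  const arn = `arn:aws:s3:::${uploadParams.Bucket}/${uploadParams.Key}`;
  return requiredActions(uploadParams).filter((a) => !isAllowed(statements, a, arn));
}

// Constructed sample input: a policy without the tagging permission.
const SAMPLE_PARAMS = {
  Bucket: 'MY-BUCKET', Key: 'images/sample.png',
  Tagging: 'created_by=Missing-Image-Delivery-Pipeline', Body: 'example-bytes',
};
const SAMPLE_BEFORE = [{
  Effect: 'Allow', Action: ['s3:GetObject', 's3:PutObject'],
  Resource: 'arn:aws:s3:::MY-BUCKET/*',
}];
console.log(missingActions(SAMPLE_BEFORE, SAMPLE_PARAMS));
```

An empty result means the modelled actions are covered; it does not replace IAM's own evaluation of denies and conditions.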