我有点问题。我有几个lambda函数,如果我在本地创建脚本,并运行它,所有的工作都可以,但是如果我的代码在远程lambda上工作,我会得到错误:访问被拒绝
S3Service.prototype.PutFile = function (bucket, key, body, type, callback) {
var s3 = new this.AWS.S3({region: awsConfig.region,"signatureVersion":"v4"});
var params = {
Bucket: bucket,
Key: key,
Body: body,
ContentType: type,
ACL: 'public-read-write',
ServerSideEncryption: 'aws:kms',
SSEKMSKeyId: awsConfig.kmsKeyId
};
s3.putObject(params, function (err, res) {
if (err) {
callback(new InternalServerError(err));
} else {
callback(null);
}
});
};
S3Service.prototype.GetFile = function (params, callback) {
var s3 = new this.AWS.S3({ region: awsConfig.region,"signatureVersion":"v4"});
s3.getObject(params, function (err, data) {
if (err) {
callback(new InternalServerError(err));
} else {
callback(null, data.Body, data.ContentType);
}
});
};
存储桶策略:
var policy = {
"Version": "2012-10-17",
"Statement":[{
"Sid":"DenyUnEncryptedObjectUploads",
"Effect":"Deny",
"Principal": "*",
"Action":["s3:PutObject"],
"Resource": "arn:aws:s3:::" + name + "/*",
"Condition":{
"StringNotEquals":{
"s3:x-amz-server-side-encryption":"aws:kms"
}
}
}
]
};
正在生成kms密钥:
kms.createKey({ Description: 'qwe', KeyUsage: 'ENCRYPT_DECRYPT' }, function (err, data) {
//var keyId = data.KeyMetadata.KeyId
});
如何正确地使用: ServerSideEncryption:'aws:kms‘将加密对象放入和获取到S3?
https://stackoverflow.com/questions/36858390
复制相似问题