I am confused about how to know which permissions to grant to the Lambda service if I want it to be able to perform the HeadBucket action.
Here's what I have in CloudFormation right now; I just deduced these from the SAM S3ReadBucket policy. But how do I know exactly which permissions are required for this?
This is what I have right now.
    Policies:
      - Statement:
          - Sid: AllowHeadOnBucket
            Effect: Allow
            Action:
              - 's3:GetObject'
              - 's3:ListBucket'
              - 's3:GetBucketLocation'
              - 's3:GetObjectVersion'
              - 's3:GetLifecycleConfiguration'
CodePudding user response:
I would start with the HeadBucket documentation:
To use this operation, you must have permissions to perform the s3:ListBucket action.
So you need s3:ListBucket on the ARN of your S3 bucket, e.g. arn:aws:s3:::mybucket.
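The answer above as a least-privilege SAM template, added here as an example that is not part of the original thread. The parameter `BucketName`, the resource name `HeadBucketFunction`, the runtime and the inline handler are assumptions; `mybucket` is the placeholder from the answer.

```yaml
# Added example, not from the original post. BucketName and
# HeadBucketFunction are hypothetical names chosen for illustration.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  BucketName:
    Type: String
    Default: mybucket

Resources:
  HeadBucketFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      InlineCode: |
        import os
        import boto3
        from botocore.exceptions import ClientError

        s3 = boto3.client("s3")

        def handler(event, context):
            # HeadBucket returns no body: success means the bucket exists
            # and this role may access it; 403/404 surface as ClientError.
            try:
                s3.head_bucket(Bucket=os.environ["BUCKET_NAME"])
                return {"accessible": True}
            except ClientError as err:
                return {"accessible": False,
                        "status": err.response["Error"]["Code"]}
      Environment:
        Variables:
          BUCKET_NAME: !Ref BucketName
      Policies:
        - Statement:
            - Sid: AllowHeadOnBucket
              Effect: Allow
              Action:
                - 's3:ListBucket'
              # s3:ListBucket is a bucket-level action, so the resource is
              # the bucket ARN itself, not the object ARN (bucket/*).
              Resource: !Sub 'arn:${AWS::Partition}:s3:::${BucketName}'
```

The object-level actions from the question (`s3:GetObject`, `s3:GetObjectVersion`) are left out because HeadBucket does not read objects; add them back, scoped to the object ARN, only if the function also fetches objects.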