Home > front end >  How to invoke lambda function from local machine
How to invoke lambda function from local machine

Time:09-07

I'm relatively new to python and lambda, and I have created this lambda function in the AWS console.

import boto3
import json


def lambda_handler(event, context):

    s3 = boto3.resource('s3')
    bucket = s3.Bucket('demo-bucket')

    for file in bucket.objects.all():
        print(file.key, file.last_modified)
     
    return {
        "statusCode": 200,
        "body": json.dumps('Hello from Lambda!')
        }

And when I test it via the console, it works just fine. No issues at all.

But then I try to run something similar from the a python file on my laptop, it throws the error botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

This is what my local python file looks like.

import boto3
import json
import os


def lambda_handler():

    lambda_client = boto3.client('lambda')
    role_response = (lambda_client.get_function_configuration(
        FunctionName = os.environ['LAMBDA_FUNCTION'])
    )

    print(role_response['Role'])
    
    s3 = boto3.resource('s3')
    bucket = s3.Bucket('demo-bucket')

    for file in bucket.objects.all():
        print(file.key, file.last_modified)
     
    return {
        "statusCode": 200,
        "body": json.dumps('Hello from Lambda!')
        }

lambda_handler()

FunctionName = os.environ['LAMBDA_FUNCTION'] is the same function I'm calling via the console that works.

Is there a reason why it doesn't work when I use this local file?

What am I doing wrong please?

CodePudding user response:

Like @Mark B said, it's definitely an s3 permissions error. You can try adding these extra lines to your local script.

account_id = boto3.client('sts').get_caller_identity()
print(account_id['Arn'])

So it looks like this.

import boto3
import json
import os


def lambda_handler():

    lambda_client = boto3.client('lambda')
    role_response = (lambda_client.get_function_configuration(
        FunctionName = os.environ['LAMBDA_FUNCTION'])
    )
    
    account_id = boto3.client('sts').get_caller_identity()
    print(account_id['Arn'])
    
    print(role_response['Role'])
    
    s3 = boto3.resource('s3')
    bucket = s3.Bucket('demo-bucket')

    for file in bucket.objects.all():
        print(file.key, file.last_modified)
     
    return {
        "statusCode": 200,
        "body": json.dumps('Hello from Lambda!')
        }

lambda_handler()

While running it in the console, you're most likely using a role that has access to the bucket, but locally, it's being executed by a user that doesn't.

These two new lines should show you the user executing the python script, and you can check the bucket to see if the user has permissions.

Page link:https//www.codepudding.com/frontend/536227.html

Prev:How to display a different message in first input and another message in second input?
Next:Amazon S3: Allow Dynamic Groups of Users Access
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding