I am trying to get an encrypted S3 object in a Lambda function using the following code, but I am getting an Access Denied error for GetObject.
import boto3

# bucket and key are set earlier in the handler
s3 = boto3.client('s3')
response = s3.get_object(Bucket=bucket, Key=key)
The Lambda has an assigned role in which I have provided the KMS policy.
{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": [
        "kms:Decrypt",
        "kms:Encrypt"
    ],
    "Resource": "arn:aws:kms:ZONE:123456789012:key/ererwerwerwerer"
},
{
    "Sid": "VisualEditor1",
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "*"
}
Can anyone suggest what I am missing here?
CodePudding user response:
You are missing policies for accessing S3; also make sure you update the S3 bucket to allow access for the Lambda function.
CodePudding user response:
I was missing the Lambda function role from the KMS key policy.
{
    "Effect": "Allow",
    "Principal": {
        "AWS": [
            "arn:aws:iam::123456789012:role/xyz-lbz-lamda-role",
            "arn:aws:iam::123456789012:root"
        ]
    },
    "Action": "kms:*",
    "Resource": "*"
}
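Added example, not part of the original posts: a simplified offline check of why `get_object` on an SSE-KMS object is denied when the role and key are in the same account, run against the role and key ARNs from the thread. The bucket name, the `key-admin` role and the narrower `kms:Decrypt` key-policy statement are constructed for illustration, and the matcher ignores Deny, NotAction and Condition.

```python
import fnmatch

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _allows(stmt, action, resource):
    # Simplified matcher: Allow statements with wildcards only.
    if stmt.get("Effect") != "Allow":
        return False
    return (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def diagnose(role_arn, identity_stmts, key_stmts, key_arn, object_arn):
    """Reasons a same-account get_object on an SSE-KMS object would be denied."""
    root = "arn:aws:iam::%s:root" % role_arn.split(":")[4]
    findings = []
    if not any(_allows(s, "s3:GetObject", object_arn) for s in identity_stmts):
        findings.append("identity policy lacks s3:GetObject")
    iam_decrypt = any(_allows(s, "kms:Decrypt", key_arn) for s in identity_stmts)
    direct = delegated = False
    for s in key_stmts:
        if not _allows(s, "kms:Decrypt", key_arn):  # Resource "*" in a key policy means this key
            continue
        p = s.get("Principal")
        aws = _as_list(p.get("AWS", [])) if isinstance(p, dict) else []
        direct = direct or role_arn in aws      # key policy names the role itself
        delegated = delegated or root in aws    # key policy defers to IAM policies
    if not (direct or (delegated and iam_decrypt)):
        findings.append("kms:Decrypt not effective: key policy must name the role, "
                        "or delegate to account root with kms:Decrypt in the role's IAM policy")
    return findings

ROLE = "arn:aws:iam::123456789012:role/xyz-lbz-lamda-role"
KEY = "arn:aws:kms:ZONE:123456789012:key/ererwerwerwerer"
OBJ = "arn:aws:s3:::example-bucket/report.csv"  # constructed object ARN
IDENTITY = [
    {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:Encrypt"], "Resource": KEY},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"},
]
# Constructed "before" key policy: only a hypothetical key-admin role is named.
KEY_BEFORE = [{"Effect": "Allow", "Action": "kms:*", "Resource": "*",
               "Principal": {"AWS": "arn:aws:iam::123456789012:role/key-admin"}}]
# Constructed "after": the Lambda role is added with only the action get_object needs.
KEY_AFTER = KEY_BEFORE + [{"Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*",
                           "Principal": {"AWS": ROLE}}]

if __name__ == "__main__":
    print("before:", diagnose(ROLE, IDENTITY, KEY_BEFORE, KEY, OBJ))
    print("after: ", diagnose(ROLE, IDENTITY, KEY_AFTER, KEY, OBJ))
```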