我在尝试使用NodeJS程序将对象上传到AWS S3时遇到以下错误。
2020-07-24T15:04:45.744Z 91aaad14-c00a-12c4-89f6-4c59fee047a1 INFO uploading to S3
2020-07-24T15:04:47.383Z 91aaad14-c00a-12c4-89f6-4c59fee047a1 INFO Bucket has been created already
2020-07-24T15:04:47.714Z 91aaad14-c00a-12c4-89f6-4c59fee047a1 INFO AccessDenied: Access Denied
at Request.extractError (/opt/nodejs/node_modules/aws-sdk/lib/services/s3.js:831:35)
at Request.callListeners (/opt/nodejs/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/opt/nodejs/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/opt/nodejs/node_modules/aws-sdk/lib/request.js:688:14)
at Request.transition (/opt/nodejs/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/opt/nodejs/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /opt/nodejs/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/opt/nodejs/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/opt/nodejs/node_modules/aws-sdk/lib/request.js:690:12)
at Request.callListeners (/opt/nodejs/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
code: 'AccessDenied',
region: null,
time: 2020-07-24T15:04:47.713Z,
requestId: '3FB484FAC50110BF',
这是我在NodeJS中创建和上传S3 bucket的代码(connect.ts(:-
import * as AWS from 'aws-sdk';
export class S3Client {
protected client: AWS.S3
constructor(accessKeyId: string, secretAccessKey: string) {
this.client = new AWS.S3( { accessKeyId, secretAccessKey } )
}
public uploadToS3(bucketName: string, folderName: string, subFolderName: string,
anotherSubFolderName: string, region: string, FILE_NAME: string, contents: any) {
console.log('uploading to S3');
let params: AWS.S3.Types.PutObjectRequest = {
Bucket: bucketName,
Key: `${folderName}/${subFolderName}/${anotherSubFolderName}/${FILE_NAME}`,
Body: contents,
ContentType: 'application/json; charset=utf-8',
ACL: 'public-read',
CacheControl: 'max-age=60'
}
return new Promise((resolve, reject) => {
this.client.createBucket({Bucket: bucketName}, (error, data) => {
if (error && error.statusCode == 409){
console.log("Bucket has been created already");
}else{
console.log('Bucket Created Successfully');
}
this.client.putObject(params, (error, data) => {
if (error) {
return reject(error);
}
console.log("Successfully uploaded data to " + bucketName);
return resolve(data);
});
})
})
};
}
我正在使用SAM(无服务器应用程序模型(模板编写Lambda函数。我已经创建了一个IAM用户,该用户具有CLI凭据(访问/机密访问密钥(,可以完全访问S3存储桶。我的Lambda函数运行良好,但当我尝试上传对象时,它失败了,出现了拒绝访问的错误。我添加了console.log((,看看我是否能够在尝试创建S3客户端对象时从环境变量中读取访问/秘密访问密钥,如下所示:-
索引.ts:-
import { S3Client } from './s3/connect';
const s3Client = new S3Client(
process.env.ACCESS_KEY_ID,
process.env.SECRET_ACCESS_KEY
)
const res = await s3Client.uploadToS3(bucketName, folderName, subFolderName,
anotherSubFolderName, region, FILE_NAME, JSON.stringify({ hello: 'world' }));
请协助就我的以下问题提供建议:-
如何确保我使用的是正确的AWS帐户?因为尽管上面写着,bucket已经创建,但当我登录到AWS控制台时,我没有看到任何bucket。由于bucket是全局性的,所以我在给定的列表中看不到任何bucket。因此,不确定bucket是否在正确的AWS帐户中创建。
如果一切都是正确的,那么你能告诉我什么时候应该进一步检查以调试这个拒绝访问的问题吗?
谢谢
您正在将区域传递给您的函数,但实际上并没有在PutObjectRequest或创建s3client时设置它。。
即,一个通用的s3对象:
const credentials = { accessKeyId: process.env.AWS_S3_ACCESS_KEY, secretAccessKey: process.env.AWS_S3_SECRET }
const s3 = new AWS.S3({ region: 'eu-west-1', credentials, useArnRegion: true })
编辑。。我认为buckets默认为us-west-1,所以也许可以在s3中查找您帐户上的那个区域?