aws-sdk putObject Access Denied Request.extractErr

2019-09-11 05:39发布

问题:

I have the following policy attached to the IAM user I am using.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1468642330000",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::elasticbeanstalk-ap-southeast-1-648213736065/documents/*"
            ]
        }
    ]
}

Problem is when I do something like:

return readFile(file.path)
  .then(function(buffer) {
    var s3obj = s3.putObject({
      Bucket: bucket,
      Key: `documents/${destFileName}`,
      Body: buffer
    });
    return s3obj.promise();
  });

I get:

AccessDenied: Access Denied

Whats wrong here?


Looks like when I use listBuckets, I get contents from my other S3 account. Seems like the way I configure the SDK is incorrect?

回答1:

Ok, I found the issue, looks like its using the [default] profile specified in the ~/.aws/credentials file.

I found that I need to configure AWS like this:

AWS.config = new AWS.Config({
  accessKeyId: appConfig.aws.accessId,
  secretAccessKey: appConfig.aws.secretKey,
  logger: process.stdout
});

I was originally setting

AWS.config.accessKeyId = ...