Question:
I have some Python that can request a presigned POST URL to upload an object into an S3 bucket. It works running it locally, under my IAM user with Admin abilities, and I can upload things to the bucket using Postman and cURL. However, when trying to run the same code in Lambda, it says “The AWS Access Key Id you provided does not exist in our records.”.
The only difference is that the Lambda function runs without Admin-rights (but it does have a policy that allows it to run any S3 action on the bucket) and is using a different (older) version of Boto3.
This is the code I’m trying to use: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-presigned-urls.html#generating-a-presigned-url-to-upload-a-file
I’ve tried to use the details returned from the Lambda function in exactly the same way as I’m using the details returned locally, but the Lambda details don’t work.
Answer:
Here is 100% workable solution of AWS lambda
- Attach policy AmazonS3FullAccess
- Do not use multipart/form-data upload
- Configure S3 CORS
- Use next python code
123456789101112131415161718192021222324252627282930313233343536373839import uuidimport boto3def lambda_handler(event, context):s3 = boto3.client('s3')upload_key = 'myfile.pdf'download_key = 'myfile.pdf'bucket = 'mys3storage'# Generate the presigned URL for downloadpresigned_download_url = s3.generate_presigned_url(ClientMethod='get_object',Params={'Bucket': bucket,'Key': download_key,'Expires': 3600})# Generate the presigned URL for uploadpresigned_upload_url = s3.generate_presigned_url(ClientMethod='put_object',Params={'Bucket': bucket,'Key': upload_key,'ContentType': 'application/pdf','Expires': 3600})# return the resultreturn {"upload_url": presigned_upload_url"download_url": download_url}