Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Access Denied when calling the ListObjectsV2
See original GitHub issueSome info is hidden for security purposes
Seems like the Lambda Copy function is not being able to actually copy the code from the source bucket. Here’s the IAM Role attached to the Lambda function:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*",
"Effect": "Allow",
"Sid": "AllowLogging"
},
{
"Action": [
"s3:List*",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::codesuite-demo-public",
"arn:aws:s3:::codesuite-demo-public/Archive.zip"
],
"Effect": "Allow",
"Sid": "SourceBucketReadAccess"
},
{
"Action": [
"s3:List*",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:CopyObject"
],
"Resource": [
"arn:aws:s3:::k8s-ci-cd-4-lambdacopy-XXXXXXXXX",
"arn:aws:s3:::k8s-ci-cd-4-lambdacopy-XXXXXXXXX/*"
],
"Effect": "Allow",
"Sid": "DestBucketWriteAccess"
}
]
}
-Region: Oregon and N. Virginia (each on different accounts) -CloudFormation Error Message:
The following resource(s) failed to create: [ImportCode].
Failed to create resource. See the details in CloudWatch Log Stream
-CloudWatch Logs dump:
START RequestId: 5941bc8d-fba7-11e7-af7f-f79427db5ecd Version: $LATEST
[INFO] 2018-01-17T16:56:23.810Z 5941bc8d-fba7-11e7-af7f-f79427db5ecd Received event:
{
"StackId": "arn:aws:cloudformation:us-west-2:XXXXXXXXXXX:stack/k8s-ci-cd-4-LambdaCopy-FXB141HTGIOS/3719fe10-fba7-11e7-876d-503aca41a035",
"ResponseURL": "https://cloudformation-custom-resource-response-uswest2.s3-us-west-2.amazonaws.com/arn%3Aaws%3Acloudformation%3Aus-west-2%3A109434434086%3Astack/k8s-ci-cd-4-LambdaCopy-FXB141HTGIOS/3719fe10-fba7-11e7-876d-503aca41a035%7CImportCode%7C8ce16337-8162-4de7-ad4c-7d82fc519fa1?AWSAccessKeyId=XXXXXXXXXXXXX&Expires=1516215383&Signature=0K6%2FzZnKeppp38xdXv4nMfsOG0M%3D",
"ResourceProperties": {
"LocalBucket": "k8s-ci-cd-4-lambdacopy-XXXXXXXXXXX",
"SourceBucket": "codesuite-demo-public",
"ServiceToken": "arn:aws:lambda:us-west-2:XXXXXXXXXXXX:function:k8s-ci-cd-4-LambdaCopy-FXB14-CopyS3ObjectsFunction-OT9C1VMH17MH",
"SourcePrefix": "Archive.zip"
},
"RequestType": "Create",
"ServiceToken": "arn:aws:lambda:us-west-2:XXXXXXXXXXXXX:function:k8s-ci-cd-4-LambdaCopy-FXB14-CopyS3ObjectsFunction-OT9C1VMH17MH",
"ResourceType": "Custom::S3Objects",
"RequestId": "8ce16337-8162-4de7-ad4c-7d82fc519fa1",
"LogicalResourceId": "ImportCode"
}
[INFO] 2018-01-17T16:56:23.878Z 5941bc8d-fba7-11e7-af7f-f79427db5ecd Starting new HTTPS connection (1): s3.us-west-2.amazonaws.com
[INFO] 2018-01-17T16:56:24.39Z 5941bc8d-fba7-11e7-af7f-f79427db5ecd Starting new HTTPS connection (1): s3.amazonaws.com
[ERROR] 2018-01-17T16:56:24.532Z 5941bc8d-fba7-11e7-af7f-f79427db5ecd Error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
https://cloudformation-custom-resource-response-uswest2.s3-us-west-2.amazonaws.com/arn%3Aaws%3Acloudformation%3Aus-west-2%3A109434434086%3Astack/k8s-ci-cd-4-LambdaCopy-FXB141HTGIOS/3719fe10-fba7-11e7-876d-503aca41a035%7CImportCode%7C8ce16337-8162-4de7-ad4c-7d82fc519fa1?AWSAccessKeyId=XXXXXXXXXXXXXX&Expires=1516215383&Signature=0K6%2FzZnKeppp38xdXv4nMfsOG0M%3D
Response body:
{
"Status": "FAILED",
"StackId": "arn:aws:cloudformation:us-west-2:XXXXXXXXXXXXX:stack/k8s-ci-cd-4-LambdaCopy-FXB141HTGIOS/3719fe10-fba7-11e7-876d-503aca41a035",
"PhysicalResourceId": "2018/01/17/[$LATEST]7978d80d7c584cdea7ea910dbcf20ead",
"Reason": "See the details in CloudWatch Log Stream: 2018/01/17/[$LATEST]7978d80d7c584cdea7ea910dbcf20ead",
"NoEcho": false,
"RequestId": "8ce16337-8162-4de7-ad4c-7d82fc519fa1",
"Data": {},
"LogicalResourceId": "ImportCode"
}
Issue Analytics
- State:
- Created 6 years ago
- Comments:6 (1 by maintainers)
Top Results From Across the Web
An error occurred (AccessDenied) when calling ... - AWS re:Post
The error suggests that your IAM identity (your IAM user here) does not have the permission to List the bucket (s3:ListBucket action) in...
Read more >AccessDenied for ListObjects for S3 bucket when permissions ...
An error occurred (AccessDenied ) when calling the ListObjectsV2 operation: Access Denied. Using this form worked: aws s3 ls {bucket name}.
Read more >S3 Access Denied when calling ListObjectsV2 | bobbyhadz
Open your AWS S3 console and click on your bucket's name · Click on the Permissions tab and scroll down to the Bucket...
Read more >AWS S3 ListObjects Access Denied | Troubleshooting Tips
The Access Denied error occurs due to not having the required permissions to perform actions on the bucket. Fortunately, there is an easy ......
Read more >AWS IAM policy and AWS S3 ListObjectsV2 operation
An error occurred (AccessDenied ) when calling the ListObjectsV2 operation: Access Denied. Here is the bucket policy
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@kirankashalkar did you ever found a solution for that? struggling with the same problem right now
This was a problem with the s3 bucket permissions. This is fixed now, closing this issue.