
I made an AWS Lambda function that reads S3 data and processes it. It was working fine (I was able to read my bucket or someone else's bucket when I have credentials).

Then I added a VPC for ElastiCache. After doing some config stuff (VPC), it worked fine with ElastiCache too.

However, now I cannot read S3 that belongs to someone else!

This used to work with no problem.

```js
var aws = require('aws-sdk');
aws.config.update(...);
var s3 = new aws.S3({...});
s3.listObjects(...)
```

I can still access my S3 bucket.

So I think the VPC and its configs have some weird things that are blocking me from making (HTTPS?) calls to the S3 SDK APIs. I thought I allowed all internet access. (I can call this Lambda from another Lambda.)

The steps I followed to allow internet access were from this link: http://marcelog.github.io/articles/aws_lambda_internet_vpc.html

What would block S3 SDK requests, and how would I fix them?

  • If you can access S3 for one bucket, then you should be able to use it for other buckets too (or at least for other buckets in the same region). What is the error message you are receiving? You could test credentials by launching an Amazon EC2 instance with the same Role (or a role with the same permissions) and using the [AWS Command-Line Interface (CLI)](http://aws.amazon.com/cli/) to try accessing the buckets. – John Rotenstein Nov 03 '16 at 09:10
  • It just hangs there. If there were credential issues, it would have said "access denied". Also, I'm pretty clear that I'm using the right credentials because it works without this VPC stuff. This is really weird. Are you sure that Lambda accesses my S3 and other people's S3 in the same way? – kevinJiang99 Nov 03 '16 at 13:03
  • There is one [S3 endpoint per region](http://docs.aws.amazon.com/general/latest/gr/rande.html). The only issue might be that the other bucket is in a different region, and a security group is not permitting access to the other region. Start with a clean setup (e.g. no VPC) and try changing things until it breaks and you know what causes the problem. Try different buckets. Try reproducing via EC2 (as per my comment above). Something is fishy; you've just got to narrow down the situation to identify the problem. – John Rotenstein Nov 03 '16 at 20:28
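
The thread above turns on whether the hang is a network-path problem or a credentials problem. As an added example (not code from the original post or its commenters), this Node.js sketch opens a TCP connection to each regional S3 endpoint with a short timeout, so a blocked path from inside the VPC shows up as a `timeout` result instead of a silent hang. The function names and the regions you pass in are hypothetical choices for this example.

```javascript
// Added diagnostic sketch, not from the original post. Node.js built-ins only.
const net = require('net');

// One S3 endpoint per region: build the regional hostname.
function s3Endpoint(region) {
  return `s3.${region}.amazonaws.com`;
}

// Try a TCP connection to host:port and always resolve with what happened.
function probe(host, timeoutMs = 3000, port = 443) {
  return new Promise((resolve) => {
    const started = Date.now();
    const socket = net.connect({ host, port });
    const done = (outcome, detail) => {
      socket.destroy();
      resolve({ host, outcome, detail, ms: Date.now() - started });
    };
    socket.setTimeout(timeoutMs); // also covers the connection phase
    socket.once('connect', () => done('connected'));
    socket.once('timeout', () => done('timeout'));
    socket.once('error', (err) => done('error', err.code));
  });
}

// Map a probe result to the layer most worth inspecting next.
function interpret(result) {
  switch (result.outcome) {
    case 'connected':
      return 'network path OK: any failure now is at the S3 API layer (credentials, bucket policy)';
    case 'timeout':
      return 'packets dropped: check the subnet route to the internet, security group egress and network ACLs';
    default:
      return result.detail === 'ENOTFOUND' || result.detail === 'EAI_AGAIN'
        ? 'DNS resolution failed inside the VPC'
        : `connection failed (${result.detail}): check routing and firewall rules`;
  }
}

// Probe the endpoint of every region the function reads buckets from.
async function checkRegions(regions, timeoutMs) {
  const results = await Promise.all(regions.map((r) => probe(s3Endpoint(r), timeoutMs)));
  return results.map((r) => ({ ...r, advice: interpret(r) }));
}
```

Calling `checkRegions` from the Lambda handler with your own bucket's region and the other bucket's region, and logging the result, shows whether only one region's endpoint is unreachable.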

0 Answers