search

aws-samples / aws-serverless-workshop-innovator-island

Welcome to the Innovator Island serverless workshop! This repo contains all the instructions and code you need to complete the workshop.
MIT No Attribution
564 stars 228 forks source link

Lambda function "theme-park-photos-CompositeFunction" is returning an AccessDenied error #88

Closed victorshinya closed 1 year ago

victorshinya commented 1 year ago

Describe the bug When you upload the test PNG image to S3 bucket "UploadBucket", the Lambda function "theme-park-photos-CompositeFunction" returns an Invoke Error (check CloudWatch logs).

CloudWatch log:

{
    "errorType": "AccessDenied",
    "errorMessage": "Access Denied",
    "code": "AccessDenied",
    "message": "Access Denied",
    "region": null,
    "time": "2023-02-24T18:54:18.237Z",
    "requestId": "G9B1CCWSQ9TV3BM9",
    "extendedRequestId": "5E1vQEwjZponfBIz9wg11NbdHr87Bkb81poNVSk+6qztJ805F5TSATDLu1JRTk+cSvmPs2EHyHw=",
    "statusCode": 403,
    "retryable": false,
    "retryDelay": 27.787428612758667,
    "stack": [
        "AccessDenied: Access Denied",
        "    at Request.extractError (/var/task/node_modules/aws-sdk/lib/services/s3.js:711:35)",
        "    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)",
        "    at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)",
        "    at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:686:14)",
        "    at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)",
        "    at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)",
        "    at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10",
        "    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)",
        "    at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:688:12)",
        "    at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:116:18)"
    ]
}

Link to workshop URL https://www.eventbox.dev/published/lesson/innovator-island/3-photos/2-backend.html

To Reproduce Steps to reproduce the behavior:

  1. Go to the Workshop URL
  2. Create the Lambda function using SAM
  3. Add the S3 trigger to the Lambda function
  4. Test the function by uploading the test PNG image
  5. Check the error on CloudWatch logs in "CompositeFunction" log group

Expected behavior The Lambda function should create a photo compositing and upload to S3 bucket "FinalBucket".

Screenshots Not applicable. I included the CloudWatch logs in "Describe the bug" section.

Desktop (please complete the following information):

Additional context No additional context.

machafer commented 1 year ago

@victorshinya, thanks for raising this. Please make sure you're not using any AWS internal tool, which restrics S3 public access. If yes, we recommend you to deploy it with your personal account. Thanks!

victorshinya commented 1 year ago

Ok! Thank you!