I've got a Lambda function set up with three environment variables: AFF_OBJECT_KEY, BUCKET_NAME, and DIC_OBJECT_KEY. Everything runs smoothly when the BUCKET_NAME points to a standard S3 bucket. However, when I switch it to an S3 Express One Zone bucket (like 'tests3expressok--use1-az4--x-s3'), I'm unable to read the files. I've confirmed that the permissions in the IAM roles and trusts are correctly configured, but I'm hitting an 'AccessDenied' error during the CreateSession operation. Does anyone know if I might be missing something, or is S3 Express One Zone not fully compatible with Lambda yet?
3 Answers
Have you checked if both your Lambda function and the S3 Express bucket are in the same Availability Zone? Sometimes that can cause issues. Here's a link that might help: https://repost.aws/questions/QUuuOUZ_sGTFiZ7IXcwR6a3g/same-zone-for-s3-express-one-zone-and-lambda
Take a look at the IAM role attached to your Lambda function. It’s important to ensure that it has the right access to the S3 bucket you're trying to use. Check what permissions it currently has.
Even with S3 full access permissions granted, you might still face connectivity issues, especially with certain Boto3 versions. I found that version 1.38.2 was problematic with Express One Zone. Have you tried upgrading Boto3?
Thanks for the link! I think I need to set up a VPC for my Lambda function.
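Relating to the IAM check suggested in the answers, an added example (not code from any poster in this thread): directory buckets authorize `CreateSession` under the `s3express:` action namespace with an `arn:aws:s3express:...` resource, so a role that only grants `s3:*` does not cover it. The checker below is a simplified evaluation of identity policies only; the region, account ID and sample policies are constructed placeholders.

```python
import fnmatch

ACTION = "s3express:CreateSession"  # authorizes session creation on directory buckets

def bucket_arn(bucket, region, account_id):
    """Directory-bucket ARN; note the s3express namespace instead of s3."""
    if not bucket.endswith("--x-s3"):
        raise ValueError(f"not a directory bucket name: {bucket}")
    return f"arn:aws:s3express:{region}:{account_id}:bucket/{bucket}"

def _as_list(value):
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _matches(stmt, resource):
    # IAM action names are case-insensitive; resource ARNs are not.
    actions = [a.lower() for a in _as_list(stmt.get("Action"))]
    resources = _as_list(stmt.get("Resource"))
    return (any(fnmatch.fnmatchcase(ACTION.lower(), a) for a in actions)
            and any(fnmatch.fnmatchcase(resource, r) for r in resources))

def create_session_decision(policies, resource):
    """Return 'explicit_deny', 'allow' or 'implicit_deny'.

    Simplified: ignores Condition, NotAction/NotResource, bucket policies, SCPs.
    """
    effects = {s.get("Effect") for p in policies
               for s in _as_list(p.get("Statement")) if _matches(s, resource)}
    if "Deny" in effects:
        return "explicit_deny"
    return "allow" if "Allow" in effects else "implicit_deny"

# Constructed inputs: placeholder region and account ID, bucket name from the question.
ARN = bucket_arn("tests3expressok--use1-az4--x-s3", "us-east-1", "111122223333")
S3_FULL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]}
EXPRESS = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3express:CreateSession", "Resource": ARN}}
DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3express:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, pols in [("s3:* only", [S3_FULL]), ("with s3express", [S3_FULL, EXPRESS]),
                       ("with deny", [S3_FULL, EXPRESS, DENY])]:
        print(f"{name:16} -> {create_session_decision(pols, ARN)}")
```

To check a real role, export its attached and inline policy documents as JSON and pass them in place of the constructed samples.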