Reading CSV file from S3 using Lambda Function-GetObject operation: Access Denied

Solution 1:

Assuming that your S3 bucket is the one in charge of invoking the Lambda function, this will require two parties to have permissions.

1). The bucket needs to have a policy that allows it to trigger the function.
2). The Lambda that will pull the CSV files from the bucket needs a policy too, man.

In order to achieve the second part, you might want to consider the pre-built policy templates available in SAM templates; this will not only make your policy definition more readable but also limit the actions that your Lambda can perform on your buckets. The first sample below showcases how to grant S3 CRUD permissions:

S3CsvReactor:
  Type: "AWS::Serverless::Function"
  Properties:
    FunctionName: "csv-process-function"
    CodeUri: csv-processor-function/
    Handler: app.execute
    Timeout: 30 # Seconds
    Runtime: python3.8
    MemorySize: 512
    Policies:
      # SAM policy template: create/read/update/delete on objects in this bucket
      - S3CrudPolicy:
          BucketName: "s3-containing-your-csv"

The example below showcases a read-only implementation:

S3CsvReactor:
  Type: "AWS::Serverless::Function"
  Properties:
    FunctionName: "csv-process-function"
    CodeUri: csv-processor-function/
    Handler: app.execute
    Timeout: 30 # Seconds
    Runtime: python3.8
    MemorySize: 512
    Policies:
      # SAM policy template: read-only access to this bucket
      - S3ReadPolicy:
          BucketName: "s3-containing-your-csv"

The example below showcases a write-only implementation:

S3CsvReactor:
  Type: "AWS::Serverless::Function"
  Properties:
    FunctionName: "csv-process-function"
    CodeUri: csv-processor-function/
    Handler: app.execute
    Timeout: 30 # Seconds
    Runtime: python3.8
    MemorySize: 512
    Policies:
      # SAM policy template: write-only access to this bucket
      - S3WritePolicy:
          BucketName: "s3-containing-your-csv"
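
Added example (not part of the original answer): one SAM template that covers both permissions described above. The S3 event makes SAM generate the permission that lets S3 invoke the function, and S3ReadPolicy gives the function's role read access. The parameter `CsvBucketName`, the logical IDs `CsvBucket` and `CsvUploaded`, and the `.csv` suffix filter are assumptions for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31

Parameters:
  CsvBucketName:              # assumed parameter; pass the bucket name at deploy time
    Type: String

Resources:
  CsvBucket:                  # assumed logical ID; the bucket must live in this template
    Type: AWS::S3::Bucket     # for the SAM S3 event source below to work
    Properties:
      BucketName: !Ref CsvBucketName

  S3CsvReactor:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: csv-process-function
      CodeUri: csv-processor-function/
      Handler: app.execute
      Runtime: python3.8
      Timeout: 30             # Seconds
      MemorySize: 512
      Policies:
        # Part 2: least-privilege read access for the function's execution role.
        # Reference the parameter, not "!Ref CsvBucket": the bucket's notification
        # configuration already depends on the function, so referencing the bucket
        # resource here creates a circular dependency at deploy time.
        - S3ReadPolicy:
            BucketName: !Ref CsvBucketName
      Events:
        # Part 1: SAM creates the AWS::Lambda::Permission that allows
        # s3.amazonaws.com to invoke this function, plus the bucket notification.
        CsvUploaded:
          Type: S3
          Properties:
            Bucket: !Ref CsvBucket
            Events: s3:ObjectCreated:*
            Filter:
              S3Key:
                Rules:
                  - Name: suffix
                    Value: .csv   # only trigger on CSV uploads
```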