Configuring Your S3 Bucket for Cross-Account Access

Written by Huong Pham
Updated over a month ago

Overview

To allow our AWS Lambda function to write to your S3 bucket from a different AWS account, you need to configure your bucket's permissions correctly. This involves updating the S3 bucket policy and ensuring the correct IAM role permissions are set.

Steps to Configure Your Bucket

1. Identify the IAM Role Used by Our Function

Our function uses the following IAM role to write to your bucket:

arn:aws:iam::774138066351:role/GooseAutomateReportsProd

2. Update Your S3 Bucket Policy

Modify your S3 bucket policy to allow our IAM role to write to your bucket. Follow these steps:

  1. Open the AWS S3 Console.

  2. Navigate to the bucket where we need to write data.

  3. Click on the Permissions tab.

  4. Under Bucket Policy, click Edit.

  5. Add the following policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::774138066351:role/GooseAutomateReportsProd"
          },
          "Action": [
            "s3:PutObject",
            "s3:PutObjectAcl"
          ],
          "Resource": "arn:aws:s3:::[BUCKET_NAME]/*"
        }
      ]
    }

  6. Replace [BUCKET_NAME] with your actual bucket name.

  7. Click Save Changes.
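
To check a saved policy against the one above, the following Python sketch audits a bucket policy document for grants to the role that are broader than the article's: extra principals, extra actions, or a Resource that is not this bucket's objects (including a leftover [BUCKET_NAME] placeholder). It is an added example, not code from the original page or its author; the function names are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Role ARN and actions come from the article; the function names here are
# hypothetical and exist only for this example.
VENDOR_ROLE = "arn:aws:iam::774138066351:role/GooseAutomateReportsProd"
EXPECTED_ACTIONS = {"s3:putobject", "s3:putobjectacl"}  # compared lowercased

def as_list(value):
    """Policy fields may hold one string or a list of strings."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def article_policy(bucket_name):
    """The article's policy with [BUCKET_NAME] filled in."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": VENDOR_ROLE},
        "Action": ["s3:PutObject", "s3:PutObjectAcl"],
        "Resource": f"arn:aws:s3:::{bucket_name}/*"}]}, indent=2)

def audit_vendor_grant(policy_json, bucket_name):
    """Findings for Allow statements covering the vendor role; [] means exact match."""
    expected_resource = f"arn:aws:s3:::{bucket_name}/*"
    findings, granted = [], set()
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for stmt in statements:
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        principals = as_list(aws)
        if stmt.get("Effect") != "Allow" or not {VENDOR_ROLE, "*"} & set(principals):
            continue  # statement does not grant anything to the vendor role
        if principals != [VENDOR_ROLE]:
            findings.append(f"principal broader than the vendor role: {principals}")
        actions = {a.lower() for a in as_list(stmt.get("Action"))}
        granted |= actions
        if actions - EXPECTED_ACTIONS:
            findings.append(f"extra actions: {sorted(actions - EXPECTED_ACTIONS)}")
        for res in as_list(stmt.get("Resource")):
            if res != expected_resource:
                findings.append(f"resource is not {expected_resource}: {res}")
    missing = sorted(e for e in EXPECTED_ACTIONS if not any(fnmatchcase(e, g) for g in granted))
    if missing:
        findings.append(f"missing actions: {missing}")
    return findings
```

Pass it the policy text from the Bucket Policy editor together with your bucket name; an empty list means the role gets exactly the grant described above.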

3. Confirm Bucket Encryption Settings (If Applicable)

If your bucket enforces server-side encryption (SSE), ensure it allows objects encrypted with either SSE-S3 or SSE-KMS with a key that our function can access. If you use SSE-KMS, you may need to update your KMS key policy so that our function can access the key.

Once these steps are completed, our function should be able to write to your S3 bucket. If you encounter any issues, please provide us with any error messages so we can help troubleshoot further.
