s3-example | Simple example using micro for uploading stuff to AWS S3 | Microservice library

The comment by Marcin about Lambda execution role put me on the right track. I had followed the below steps previously:

1. Created a policy called greetingsProjectPolicy (with the above mentioned permissions)
2. Attached this policy to greetingsProjectRole.
3. Assigned the greetingsProjectRole to my lambda function.
4. I assumed that was it and the policy should be available to my lambda function.
5. However when I assigned the greetingsProjectRole to the function, internally AWS created a Execution role called greetingsProject-role-zhcbt61o.
6. When I clicked on this role, I was surprised to see that only role it had was the AWSLambdaBasicExecutionRole and the greetingsProjectPolicy was missing.
7. I had to add the greetingsProjectPolicy as a inline policy to greetingsProject-role-zhcbt61o. Now I no longer get the access denied error.

Not sure, if this is how AWS works or I am missing something.

The thing you need to create is called a "Resource-based policy", and is what should be created by aws lambda add-permission.

A Resource-based policy gives S3 permission to invoke your lambda. This is a property on your lambda itself, and is not part of your lambda's IAM role (Your lambda's IAM role controls what your lambda can do, a Resource-based policy controls who can do what to your lambda. You can view this resource in the UI on the aws console by going to your lambda, clicking "Permissions" and scrolling down to "Resource-based policy". The keyword you want to look out for is lambda:InvokeFunction, which is what gives other things permission to call your lambda, including other AWS accounts, and other AWS services on your account (like s3).

That being said, the command you ran should have created this policy. Did you make sure to replace my_account_id with your actual account id when you ran the command?

In addition, make sure you replace --source-arn arn:aws:s3:::file-import with the actual ARN of your bucket (I assume you had to create a bucket with a different name because s3 buckets must have globally unique names, and file-import is almost surely already taken)

From the comments, it has been established that you have a time.Timer for triggering the download. Since this is the case, you only need to create a single session object and it can be re-used as many times as you want. If you read the AWS documentation, you can find this line:

Sessions should be cached when possible, because creating a new Session will load all configuration values from the environment, and config files each time the Session is created.

It is not the piece of code you have provided that is giving the error rather the component is not not declared.

Take it like a simple variable, example, lets say myFunction.myProperty(). Now without 1st declaring what myFunction represents then the code will not work.

In Angular before you can use a component you have to declare the component. To declare a component you need to add the component to the declarations array in the NgModule

In your app.module.ts

Your bucket probably has Amazon S3 block public access activated (which is default).

One of the settings is: "Block public access to buckets and objects granted through new access control lists (ACLs)"

This means that it will block any command (such as yours) that is granting public access via an ACL. Your code is setting the ACL to public-read, which is therefore being blocked.

The intention of S3 Block Public Access is to default to a setting where nothing S3 content will not be accidentally made public. You can deactivate S3 Block Public Access to change this setting.

S3 Block Public Access is relatively new (November 2018), so a lot of articles on the web might have been written before the "block by default" rule came into effect.

This is because you have no s3_client variable. In fact you have a function named s3_client. I fixed this below to call s3_client() instead.

Also keep an eye on aligning for Python.

In the AWS console, click the "Permissions" tab, then on the

1. allow public access to your bucket -> Save -> Confirm it
2. "Bucket policy" button. An editing box will appear. Replace the "arn:aws:s3:::" in the editing box with the part starting with "arn:" shown above your editing box, but be careful to preserve the "/*" at the end of it. Use the following code bellow. Paste in the following:

If you change the disposition to attachment the browser download the file?

This may be related to content-disposition inline value.

Did you checked this question? https://superuser.com/questions/1277819/why-does-chrome-sometimes-download-a-pdf-instead-of-opening-it

Fixed. Despite the misleading fact that static build of ffmpeg from JohnVanSickle.com does run on Amazon EC2 instance of the AMI, mentioned in Lambda environment, same binary fails to execute under AWS Lambda.

I compiled ffmpeg on the AWS EC2 t2.micro instance of the same AMI using markus-perl/ffmpeg-build-script. It also surprised me with an error of aom codec version. Changed one line in the script to disable the aom codec and ffmpeg finally has compiled. Took a couple of hours on the weak t2.micro instance.

The resulting ffmpeg binary is ~10Mb lighter than the static build mentioned above and runs on AWS Lambda just fine!

Hope this will help someone.