How to use AWS CDK to deploy a Lambda function with an S3 trigger due to permissions guide
I tried several approaches but none seem to work. I'm working on a personal project and this might be a silly question, but I'm trying to deploy an AWS Lambda function using the AWS CDK (version 2.4.0) that should be triggered by an S3 bucket event (specifically `s3:ObjectCreated:*`). However, I keep running into permission issues during the deployment. The behavior I'm seeing is:

`User: arn:aws:iam::123456789012:user/my-user is not authorized to perform: s3:PutObject on resource: arn:aws:s3:::my-bucket/*`

Here's a simplified version of my CDK stack:

```typescript
import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as s3_notifications from 'aws-cdk-lib/aws-s3-notifications';

export class MyStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string) {
    super(scope, id);

    // Bucket whose object-created events should trigger the function
    const bucket = new s3.Bucket(this, 'MyBucket', {
      removalPolicy: cdk.RemovalPolicy.DESTROY
    });

    // Lambda function packaged from the local "lambda" directory
    const myFunction = new lambda.Function(this, 'MyFunction', {
      runtime: lambda.Runtime.NODEJS_14_X,
      handler: 'index.handler',
      code: lambda.Code.fromAsset('lambda'),
    });

    // Invoke the function on every s3:ObjectCreated:* event
    bucket.addEventNotification(
      s3.EventType.OBJECT_CREATED,
      new s3_notifications.LambdaDestination(myFunction)
    );
  }
}
```

I've ensured that the Lambda function has the necessary permissions, but I suspect that the S3 bucket policy might also need to allow the Lambda function to put objects in it. I tried adding the following policy directly to the bucket, but it doesn't seem to resolve the scenario:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```

I've also double-checked the IAM roles and policies, but I'm not sure if I'm missing something specific. Any insights on how to resolve this permissions scenario? Thanks in advance!

My development environment is Ubuntu. How would you solve this?

My development environment is CentOS. Has anyone dealt with something similar?