OCI Object Storage: 403 Forbidden scenarios When Accessing Private Bucket from API Gateway
After trying multiple solutions online, I still can't figure this out. I'm working with a frustrating scenario while trying to access a private bucket in OCI Object Storage through an API Gateway. I've configured the API Gateway to invoke a function that accesses the bucket, but I'm receiving a `403 Forbidden` behavior. I ensured that the IAM policies allow the necessary permissions for both the API Gateway and the function. Here's the specific IAM policy I applied:

```plaintext
Allow group MyGroup to manage objects in bucket MyPrivateBucket
```

Additionally, I confirmed that the function has the required permissions to access the bucket by adding it to the same group. Here's the relevant code snippet from my function that tries to access the Object Storage:

```python
import oci

def get_object(bucket_name, object_name):
    config = oci.config.from_file()  # loads config from ~/.oci/config
    object_storage_client = oci.object_storage.ObjectStorageClient(config)
    try:
        # get_object() takes the Object Storage namespace as its first argument
        namespace = object_storage_client.get_namespace().data
        response = object_storage_client.get_object(namespace, bucket_name, object_name)
        return response.data.content
    except oci.exceptions.ServiceError as e:
        print(f'behavior: {e}')  # This is where I see the behavior
```

I also checked the API Gateway configuration and made sure that the backend type is set to `Function`, and the proper function endpoint is specified. Despite all these checks, I'm still exploring with the 403 behavior.

Any suggestions on what might be going wrong or what additional configurations I should verify? I'm working on a service that needs to handle this. Is there a better approach?