I’m trying to delete an object from S3 with the JavaScript SDK v3 using DeleteObjectCommand, but I’m getting an Access Denied error. PutObjectCommand and GetObjectCommand work perfectly. Here is my delete object code:
import {
S3Client,
DeleteObjectCommand
} from "@aws-sdk/client-s3"
import { configDotenv } from "dotenv";
// Run dotenv's loader before the environment variables are read below.
configDotenv();

// Static key pair taken from custom environment variables.
const { ACCESS_KEY, SECRET_ACCESS_KEY } = process.env;

// S3 client pinned to us-east-1.
// NOTE(review): because `credentials` is passed explicitly, the SDK signs every
// request with this key pair rather than resolving credentials through its
// default provider chain. Inside Lambda that means the function's execution
// role is not the principal S3 evaluates for these calls; confirm which
// identity is intended. Long-lived user keys held in environment variables are
// also harder to rotate and scope than the role's temporary credentials.
const s3Client = new S3Client({
  region: "us-east-1",
  credentials: {
    accessKeyId: ACCESS_KEY,
    secretAccessKey: SECRET_ACCESS_KEY,
  },
});
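/**
 * Lambda handler that deletes one object from the `somethingsold-uploads` bucket.
 *
 * The object key is taken from the `key` query-string parameter of the event.
 *
 * @param {object} event - Invocation event; `event.queryStringParameters.key`
 *   names the object to delete.
 * @returns {Promise<{statusCode: string, body: string}>} '200' with a
 *   confirmation message, '400' when no usable key was supplied, or '500' with
 *   the error message when the delete call fails.
 */
export const handler = async (event) => {
  // queryStringParameters may be missing or null, so read it defensively
  // instead of letting a TypeError surface as a 500.
  const key = event?.queryStringParameters?.key;

  // Reject a missing or empty key before building any S3 request.
  if (typeof key !== "string" || key.length === 0) {
    return {
      statusCode: '400',
      body: JSON.stringify({
        error: 'Missing required query parameter: key',
      }),
    };
  }

  // NOTE(review): `key` is caller-supplied and used as-is, so anyone who can
  // invoke this handler can name any object in the bucket. Confirm that the
  // endpoint is authenticated and that the key is checked against what the
  // caller is allowed to delete.
  try {
    console.log("Deleting:", key);

    const command = new DeleteObjectCommand({
      Bucket: 'somethingsold-uploads',
      Key: key,
    });
    await s3Client.send(command);

    return {
      statusCode: '200',
      body: JSON.stringify({
        message: `Deleted image at path: ${key}`,
      }),
    };
  } catch (error) {
    // The full error (including request IDs) goes to the function log.
    console.log('Error:', error);

    // NOTE(review): the raw SDK error message is echoed to the caller; since
    // the details are already logged, a generic message may be enough here.
    return {
      statusCode: '500',
      body: JSON.stringify({
        error: error.message,
      }),
    };
  }
};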
I’ve double checked that the key and bucket I’m passing in are correct and that the env variables are correct. But I’m getting the following error:
2024-08-13T15:59:00.691Z 400238a7-8b03-4a98-9674-ced85f765a82 INFO Error: AccessDenied: Access Denied
at throwDefaultError (/var/task/node_modules/@smithy/smithy-client/dist-cjs/index.js:840:20)
at /var/task/node_modules/@smithy/smithy-client/dist-cjs/index.js:849:5
at de_CommandError (/var/task/node_modules/@aws-sdk/client-s3/dist-cjs/index.js:4743:14)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async /var/task/node_modules/@smithy/middleware-serde/dist-cjs/index.js:35:20
at async /var/task/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/index.js:482:18
at async /var/task/node_modules/@smithy/middleware-retry/dist-cjs/index.js:320:38
at async /var/task/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/index.js:110:22
at async /var/task/node_modules/@aws-sdk/middleware-sdk-s3/dist-cjs/index.js:138:14
at async /var/task/node_modules/@aws-sdk/middleware-logger/dist-cjs/index.js:34:22 {
'$fault': 'client',
'$metadata': {
httpStatusCode: 403,
requestId: 'TDBD1YKVQ1WTATJ5',
extendedRequestId: '0rPET2J/xv0W3ammswLIAdSXFIPtKWXdBqkqRFKYFzud6et7DB8LbppFyweDH/yjm+GjPLHGONg=',
cfId: undefined,
attempts: 1,
totalRetryDelay: 0
},
Code: 'AccessDenied',
RequestId: 'TDBD1YKVQ1WTATJ5',
HostId: '0rPET2J/xv0W3ammswLIAdSXFIPtKWXdBqkqRFKYFzud6et7DB8LbppFyweDH/yjm+GjPLHGONg='
}
I have full S3 permissions for the IAM user that I’m using to delete the object in my code:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*",
"s3-object-lambda:*"
],
"Resource": "*"
}
]
}
I’ve attached an IAM role with full S3 permissions to my lambda function:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*",
"s3-object-lambda:*"
],
"Resource": "*"
}
]
}
And here is my bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::MY_ACCOUNT_ID:user/Andy_V",
"arn:aws:iam::MY_ACCOUNT_ID:role/service-role/deleteImage-role-slamvt02",
"arn:aws:iam::MY_ACCOUNT_ID:root"
]
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::somethingsold-uploads",
"arn:aws:s3:::somethingsold-uploads/*"
]
}
]
}
I’ve looked everywhere and have tried everything, so I’m genuinely confused. Any help is appreciated!