To start, I'll try and make sure to supply any information that might be needed, and really appreciate any help with this issue. I've been following basic AWS Tutorials for the past couple days to try to build a basic outline for a website idea, but found myself stuck when following this tutorial: https://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-s3.html
The goal with this is to enable my website to CRUD PDF files to an S3 bucket via API Gateway.
So far, I've followed the tutorial steps, set up the S3 Bucket, and attached the role (S3FullAccess) to the different APIs. The result is that, while other requests (GET/POST) seem to be working correctly, DELETE object results in a 405 method not allowed. I've looked around a bunch (been working on this particular issue for the past couple hours) and am at the point of:
- Doubting it's the policy, since JSON shows {"Effect":"Allow", "Action": "s3:*", "Resource": " *"}
- Doubting it's the S3 Bucket, as anything that looks like it could block access has been disabled
- Wondering if Object ACL is the culprit, since the Grantee settings for my objects (S3 Console -> Bucket -> Object -> Permissions) shows that only the "Object owner" has permissions [Object: Read, Object ACL: Read/Write].
So now I'm trying to figure out if sending ACL configuration as part of the Gateway PUT request is the solution (and if so how). Additionally, I might be able to use a lambda function to reconfigure the object's ACL on the event trigger of a PUT request to S3, but that sounds like bad design for what's intended.
Additionally:
- I'm not using Versioning, MFA, Encryption, or Object Lock
- All "Block Public Access" settings are set to Off
- No Bucket Policy is shown (since I'm using IAM)
- AWS Regions are properly selected
Let me know if there's anything you need for additional info (such as screenshots of Gateway, IAM, or S3) and I'll update the post with them.
Thanks so much.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
