Lambda S3 "NoSuchBucket" error

When the endpoint of an API Gateway is called, it routes the root directory to a lambda. Inside of the lambda code, it calls an S3 bucket for resources.

The S3 bucket exists, and shows in the CLI.

However, when called, the lambda produces this error:

[2024/01/02/[$LATEST]3c62da480c7130f56e469c69da452eb0] 2024-01-02T19:03:09.988Z f6eb8720-f7cd-4f7f-a11d-1a723716583f INFO Error getting page from S3: NoSuchBucket: The specified bucket does not exist

Initially, I thought the issue could have been permissions based, but in the Terraform configuration, the permissions are clearly defined and assigned to the lambda.

module “api_gateway_lambda” {
source = “terraform-aws-modules/lambda/aws”
function_name = “${var.prefix}-api-gateway-lambda”
description = “API Gateway Lambda Function”
handler = “${var.client_name}-missingindex/index.handler”
runtime = var.lambda_runtime
timeout = var.lambda_timeout
memory_size = var.lambda_memory_size
create_package = false
local_existing_package = “${var.client_name}-missingindex.zip”
policy = “arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess”

environment_variables = {
“REDIS_ENDPOINT” = var.redis_env
}
vpc_security_group_ids = [
var.redis_sg
]
vpc_subnet_ids = [
var.vpc_private_subnets[0],
var.vpc_private_subnets[1],
var.vpc_private_subnets[2]
]
}
resource “aws_lambda_permission” “root_lambda_invocation” {
statement_id = “AllowExecutionFromAPIGateway”
action = “lambda:InvokeFunction”
function_name = module.api_gateway_lambda.lambda_function_name
principal = “apigateway.amazonaws.com

source_arn = “arn:aws:execute-api:${var.region}:${data.aws_caller_identity.current.account_id}:${aws_api_gateway_rest_api.root.id}///*”
}

resource “aws_iam_role_policy” “lambda_s3_policy” {
name = “${var.prefix}-lambda-s3-policy”
role = module.api_gateway_lambda.lambda_role_name
policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Sid = “VisualEditor0”
Effect = “Allow”
Action = [
“s3:Get*”
]
Resource = [
“arn:aws:s3:::${var.prefix}”,
“arn:aws:s3:::${var.prefix}/*”
]
}
]
})
}

What could I be missing that’s causing this error?

Hi @shaq

Welcome to LocalStack Discuss :wave:

Permissions should not be an issue in LocalStack unless you enforce them using ENFORCE_IAM=1 in LocalStack Pro. See IAM Policy Enforcement.

You can start LocalStack with the configuration DEBUG=1 to get more detailed logging. I recommend looking into the Lambda logs to see whether the SDK is configured properly (endpoint and region).

How does the Lambda function know which S3 bucket to look for given that no bucket information is passed into the Lambda through environment variables?

Cheers,
Joel

Hi @shaq,

I can’t see your Lambda code, but here are a few things to look into that might throw a NoSuchBucket exception:

  • make sure your S3 client is configured correctly and is pointing to the right endpoint.
  • additionally, check if the path is properly constructed. Some issues can stem from searching for a bucket on the wrong path, such as hardcoding it, instead of letting the SDK client build it.

You can find some extra information here on using your preferred language SDK: Developing with Amazon S3 using the AWS SDKs, and explorers - Amazon Simple Storage Service
Extra question: does your configuration work on the real AWS? If so, this changes the perspective that we investigate from.

Best,
Anca