I am trying to create presigned urls for clients to upload files via s3. I want these files to be created using lambda so I can verify client authorisation prior to generating the url.
When I run the code locally, everything works perfectly. However, when deployed to lambda I get a CredentialsProviderError I have attached full permissions over my bucket to my lambda role via both my lambda role IAM and also in bucket permissions.
The code I am using is taken from Create a presigned URL for Amazon S3 using an AWS SDK and is as below:
const createPresignedUrlWithoutClient = async (key) => {
const url = parseUrl(`https://${BUCKET_NAME}.s3.${LOCATION}.amazonaws.com/${key}`);
const presigner = new S3RequestPresigner({
credentials: fromIni(),
region: LOCATION,
sha256: Hash.bind(null, "sha256"),
});
const signedUrlObject = await presigner.presign(
new HttpRequest({ ...url, method: "PUT" }),
);
return formatUrl(signedUrlObject);
};
fromIni() would only work in an AWS Lambda environment if you also packaged a credentials INI file into your Lambda function's deployment artifact. And even then it would be in a different location on the file system than the default location fromIni() will be looking at.
I suggest using fromEnv() in the AWS Lambda environment.