
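Unable to create S3 buckets with Remotion

Since around April 25, 2023, AWS blocks the creation of public buckets unless additional configuration is supplied, which makes it impossible to create new S3 buckets with Remotion v3.3.86 and earlier.

To make bucket creation work again, you need to upgrade to a newer Remotion version and update your user policy.

Problem

Users may see the following error: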

InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting.

or

AccessDenied: Access Denied

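These errors come from the AWS SDK and appear when trying to create a new site or bucket.

Cause

AWS sets all buckets to private by default, whereas Remotion tries to create a public bucket.

Solution

Upgrade to Remotion v3.3.87 or later.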


npx remotion upgrade

Note: After upgrading Remotion, you need to deploy a new function.

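Change your policy to grant your user the s3:PutBucketOwnershipControls and s3:PutBucketPublicAccessBlock permissions. The easiest way is to copy the following user policy:

Full user permissions JSON file for the latest Remotion Lambda version: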

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "HandleQuotas",
      "Effect": "Allow",
      "Action": [
        "servicequotas:GetServiceQuota",
        "servicequotas:GetAWSDefaultServiceQuota",
        "servicequotas:RequestServiceQuotaIncrease",
        "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "PermissionValidation",
      "Effect": "Allow",
      "Action": [
        "iam:SimulatePrincipalPolicy"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "LambdaInvokation",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/remotion-lambda-role"
      ]
    },
    {
      "Sid": "Storage",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl",
        "s3:PutObject",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:PutBucketAcl",
        "s3:DeleteBucket",
        "s3:PutBucketOwnershipControls",
        "s3:PutBucketPublicAccessBlock",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": [
        "arn:aws:s3:::remotionlambda-*"
      ]
    },
    {
      "Sid": "BucketListing",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "FunctionListing",
      "Effect": "Allow",
      "Action": [
        "lambda:ListFunctions",
        "lambda:GetFunction"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "FunctionManagement",
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeAsync",
        "lambda:InvokeFunction",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:PutFunctionEventInvokeConfig",
        "lambda:PutRuntimeManagementConfig",
        "lambda:TagResource"
      ],
      "Resource": [
        "arn:aws:lambda:*:*:function:remotion-render-*"
      ]
    },
    {
      "Sid": "LogsRetention",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:PutRetentionPolicy"
      ],
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/lambda/remotion-render-*"
      ]
    },
    {
      "Sid": "FetchBinaries",
      "Effect": "Allow",
      "Action": [
        "lambda:GetLayerVersion"
      ],
      "Resource": [
        "arn:aws:lambda:*:678892195805:layer:remotion-binaries-*",
        "arn:aws:lambda:*:580247275435:layer:LambdaInsightsExtension*"
      ]
    }
  ]
}

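Alternatively, type npx remotion lambda policies user after upgrading Remotion Lambda.

Go to the Users section of the AWS console and overwrite your Remotion Lambda user's JSON policy with the JSON copied above.

You can verify that it worked by running npx remotion lambda policies validate.

Redeploy your function. You do not need to delete the old function, as doing so could cause downtime for your application.

As a reminder, when you upgrade to a higher Remotion version, you also need to redeploy your site.

If any values are hardcoded, update the function and site names in your application code.

Have a question?

Join our Discord community to get help from the Remotion team and other users.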
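
The policy step above can be pre-checked offline before the JSON is pasted into the AWS console. This added example (not Remotion's code, and not a replacement for npx remotion lambda policies validate) reports which of the two newly required actions a policy document fails to grant on a remotionlambda-* bucket. Assumptions: the function names, the sample bucket ARN and the sample policy are constructed for illustration, and Condition, NotAction and NotResource elements are not evaluated.

```javascript
// Added example, not Remotion's code: offline check of an IAM policy document.
const REQUIRED_ACTIONS = [
  "s3:PutBucketOwnershipControls",
  "s3:PutBucketPublicAccessBlock",
];
// Constructed sample ARN matching the page's remotionlambda-* resource pattern.
const SAMPLE_BUCKET_ARN = "arn:aws:s3:::remotionlambda-example";

const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM wildcards: "*" matches any run of characters, "?" exactly one character.
function iamMatch(pattern, value, caseInsensitive) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = "^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$";
  return new RegExp(source, caseInsensitive ? "i" : "").test(value);
}

// True when the statement names the action (case-insensitive) and the resource.
function statementCovers(stmt, action, resource) {
  return (
    toArray(stmt.Action).some((a) => iamMatch(a, action, true)) &&
    toArray(stmt.Resource).some((r) => iamMatch(r, resource, false))
  );
}

// Returns the required actions the policy does NOT grant on `resource`.
// An explicit Deny overrides any Allow, as in IAM policy evaluation.
function missingActions(policy, resource = SAMPLE_BUCKET_ARN) {
  const statements = toArray(policy.Statement);
  return REQUIRED_ACTIONS.filter((action) => {
    const covering = statements.filter((s) => statementCovers(s, action, resource));
    const denied = covering.some((s) => s.Effect === "Deny");
    const allowed = covering.some((s) => s.Effect === "Allow");
    return denied || !allowed;
  });
}

// Constructed sample: a "Storage" statement that lacks the two new actions.
const oldPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Sid: "Storage",
    Effect: "Allow",
    Action: ["s3:CreateBucket", "s3:PutBucketAcl", "s3:PutObject"],
    Resource: ["arn:aws:s3:::remotionlambda-*"],
  }],
};
console.log(missingActions(oldPolicy));
```

An empty array means both actions are granted on the sample bucket; pass a different ARN as the second argument to test another resource.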