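Cannot create S3 buckets with Remotion
As of around April 25, 2023, AWS blocks the creation of public buckets without additional configuration, which makes it impossible to create new S3 buckets with Remotion v3.3.86 and earlier.
To make bucket creation work again, you need to upgrade to a newer Remotion version and update your user policy.
Problem
Users may see the following error: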
InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting.
or
AccessDenied: Access Denied
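These errors come from the AWS SDK and appear when trying to create a new site or bucket.
Cause
AWS sets all buckets to private by default, while Remotion tries to create a public bucket.
Solution
1 Upgrade to Remotion v3.3.87 or higher.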
npx remotion upgrade
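Note: After upgrading Remotion, you need to deploy a new function.
2 Change your policy to grant the user the s3:PutBucketOwnershipControls and s3:PutBucketPublicAccessBlock permissions. The easiest way is to copy the following user policy:
Full user permissions JSON file for the latest Remotion Lambda version: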
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "HandleQuotas",
      "Effect": "Allow",
      "Action": [
        "servicequotas:GetServiceQuota",
        "servicequotas:GetAWSDefaultServiceQuota",
        "servicequotas:RequestServiceQuotaIncrease",
        "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota"
      ],
      "Resource": ["*"]
    },
    {
      "Sid": "PermissionValidation",
      "Effect": "Allow",
      "Action": ["iam:SimulatePrincipalPolicy"],
      "Resource": ["*"]
    },
    {
      "Sid": "LambdaInvokation",
      "Effect": "Allow",
      "Action": ["iam:PassRole"],
      "Resource": ["arn:aws:iam::*:role/remotion-lambda-role"]
    },
    {
      "Sid": "Storage",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl",
        "s3:PutObject",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:PutBucketAcl",
        "s3:DeleteBucket",
        "s3:PutBucketOwnershipControls",
        "s3:PutBucketPublicAccessBlock",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": ["arn:aws:s3:::remotionlambda-*"]
    },
    {
      "Sid": "BucketListing",
      "Effect": "Allow",
      "Action": ["s3:ListAllMyBuckets"],
      "Resource": ["*"]
    },
    {
      "Sid": "FunctionListing",
      "Effect": "Allow",
      "Action": ["lambda:ListFunctions", "lambda:GetFunction"],
      "Resource": ["*"]
    },
    {
      "Sid": "FunctionManagement",
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeAsync",
        "lambda:InvokeFunction",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:PutFunctionEventInvokeConfig",
        "lambda:PutRuntimeManagementConfig",
        "lambda:TagResource"
      ],
      "Resource": ["arn:aws:lambda:*:*:function:remotion-render-*"]
    },
    {
      "Sid": "LogsRetention",
      "Effect": "Allow",
      "Action": ["logs:CreateLogGroup", "logs:PutRetentionPolicy"],
      "Resource": ["arn:aws:logs:*:*:log-group:/aws/lambda/remotion-render-*"]
    },
    {
      "Sid": "FetchBinaries",
      "Effect": "Allow",
      "Action": ["lambda:GetLayerVersion"],
      "Resource": [
        "arn:aws:lambda:*:678892195805:layer:remotion-binaries-*",
        "arn:aws:lambda:*:580247275435:layer:LambdaInsightsExtension*"
      ]
    }
  ]
}
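Alternatively, type npx remotion lambda policies user after upgrading Remotion Lambda.
Go to the Users section of the AWS console and overwrite your Remotion Lambda user's JSON policy with the JSON copied above.
You can verify that it worked by running npx remotion lambda policies validate.
3 Redeploy your function. You do not need to delete the old function, as doing so may cause downtime for your application.
4 As a reminder, when you upgrade to a higher Remotion version, you also need to redeploy your site.
5 If any values are hard-coded, update the function and site names in your application code.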
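The permission change in step 2 can be checked offline before a policy is pasted into the console. The following is an added example, not part of Remotion or its documentation: it evaluates a policy document for the two S3 actions on a bucket ARN. The names iamMatch and missingActions, the bucket name and both sample policies are constructed for illustration, and Condition, NotAction and NotResource are not evaluated.

```javascript
// Added example (not Remotion code): check that a policy document grants the
// two S3 actions from step 2 on a bucket matching Remotion's ARN pattern.
const REQUIRED = ["s3:PutBucketOwnershipControls", "s3:PutBucketPublicAccessBlock"];
const BUCKET_ARN = "arn:aws:s3:::remotionlambda-example"; // constructed bucket name

// IAM wildcards: "*" matches any run of characters, "?" exactly one.
function iamMatch(pattern, value, ignoreCase) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${re}$`, ignoreCase ? "i" : "").test(value);
}

// Action and Resource may each be a single string or an array.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns the required actions that are not allowed, or are explicitly denied,
// on `resource`. Assumption: Condition, NotAction and NotResource are ignored.
function missingActions(policy, resource = BUCKET_ARN) {
  const statements = asArray(policy.Statement);
  const hits = (effect, action) =>
    statements.some(
      (s) =>
        s.Effect === effect &&
        asArray(s.Action).some((p) => iamMatch(p, action, true)) && // action names ignore case
        asArray(s.Resource).some((p) => iamMatch(p, resource, false)) // ARNs are case-sensitive
    );
  return REQUIRED.filter((a) => !hits("Allow", a) || hits("Deny", a));
}

// Constructed sample: a Storage statement that lacks the two actions.
const oldPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Sid: "Storage",
    Effect: "Allow",
    Action: ["s3:CreateBucket", "s3:PutBucketAcl", "s3:PutObject"],
    Resource: ["arn:aws:s3:::remotionlambda-*"],
  }],
};
// The same statement with the two actions from step 2 added.
const newPolicy = JSON.parse(JSON.stringify(oldPolicy));
newPolicy.Statement[0].Action.push(...REQUIRED);

console.log("missing before:", missingActions(oldPolicy));
console.log("missing after: ", missingActions(newPolicy));
```

An empty result means both actions are allowed on the bucket ARN; npx remotion lambda policies validate remains the check against the live AWS account.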