Unable to create S3 buckets with Remotion
Since approximately April 25th 2023, AWS blocks the creation of public buckets without extra configuration, making it impossible to create new S3 buckets with Remotion version v3.3.86 and older.
To make bucket creation work again, you need to upgrade to a newer Remotion version and update your user policy.
Problem
Users might see an error:
InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting.
or
AccessDenied: Access Denied
coming from the AWS SDK when trying to create a new site or bucket.
Cause
AWS makes all buckets private by default, and Remotion tries to create a public bucket.
Resolution
Upgrade to Remotion v3.3.87 or higher:
npx remotion upgrade
Note: when you upgrade Remotion, you also need to deploy a new function.
Add the s3:PutBucketOwnershipControls and s3:PutBucketPublicAccessBlock permissions to your user policy. The easiest way is to copy the following user policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "HandleQuotas",
      "Effect": "Allow",
      "Action": [
        "servicequotas:GetServiceQuota",
        "servicequotas:GetAWSDefaultServiceQuota",
        "servicequotas:RequestServiceQuotaIncrease",
        "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "PermissionValidation",
      "Effect": "Allow",
      "Action": [
        "iam:SimulatePrincipalPolicy"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "LambdaInvokation",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/remotion-lambda-role"
      ]
    },
    {
      "Sid": "Storage",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl",
        "s3:PutObject",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:PutBucketAcl",
        "s3:DeleteBucket",
        "s3:PutBucketOwnershipControls",
        "s3:PutBucketPublicAccessBlock",
        "s3:PutBucketPolicy",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": [
        "arn:aws:s3:::remotionlambda-*"
      ]
    },
    {
      "Sid": "BucketListing",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "FunctionListing",
      "Effect": "Allow",
      "Action": [
        "lambda:ListFunctions",
        "lambda:GetFunction"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "FunctionManagement",
      "Effect": "Allow",
      "Action": [
        "lambda:InvokeAsync",
        "lambda:InvokeFunction",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:PutFunctionEventInvokeConfig",
        "lambda:PutRuntimeManagementConfig",
        "lambda:TagResource"
      ],
      "Resource": [
        "arn:aws:lambda:*:*:function:remotion-render-*"
      ]
    },
    {
      "Sid": "LogsRetention",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:PutRetentionPolicy"
      ],
      "Resource": [
        "arn:aws:logs:*:*:log-group:/aws/lambda/remotion-render-*"
      ]
    },
    {
      "Sid": "FetchBinaries",
      "Effect": "Allow",
      "Action": [
        "lambda:GetLayerVersion"
      ],
      "Resource": [
        "arn:aws:lambda:*:678892195805:layer:remotion-binaries-*",
        "arn:aws:lambda:*:580247275435:layer:LambdaInsightsExtension*"
      ]
    }
  ]
}
or type in npx remotion lambda policies user after upgrading Remotion Lambda.
Go to the Users section in the AWS console and overwrite the JSON policy of your Remotion Lambda user with the JSON copied above.
You can verify that it worked by running npx remotion lambda policies validate.
As a reminder, when you upgrade to a higher version of Remotion, you also need to redeploy your site.
Update the function and site names in your application code if any values are hardcoded.
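An added example (not part of the Remotion docs and not Remotion's code): an offline check of whether a user policy JSON grants the two S3 actions named above on remotionlambda-* buckets, which can be run before pasting the policy into the console. The sample bucket name and both policies are constructed, and the matcher ignores Condition, NotAction and NotResource.

```javascript
// Added example: offline check of an IAM policy document (not Remotion code).
// Simplification (assumption): Condition, NotAction and NotResource are ignored.
const REQUIRED = ['s3:PutBucketOwnershipControls', 's3:PutBucketPublicAccessBlock'];
// Constructed bucket ARN that follows the remotionlambda-* pattern from the policy.
const SAMPLE_BUCKET = 'arn:aws:s3:::remotionlambda-example';

const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style wildcard match: * is any run of characters, ? is one character.
function wildcardMatch(pattern, value, ignoreCase) {
  const body = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${body}$`, ignoreCase ? 'i' : '').test(value);
}

function statementCovers(stmt, action, resource) {
  return (
    toArray(stmt.Action).some((a) => wildcardMatch(a, action, true)) &&
    toArray(stmt.Resource).some((r) => wildcardMatch(r, resource, false))
  );
}

// Returns the required actions the policy does not grant on the sample bucket.
function missingBucketPermissions(policy, resource = SAMPLE_BUCKET) {
  const statements = toArray(policy.Statement);
  return REQUIRED.filter((action) => {
    const hits = statements.filter((s) => statementCovers(s, action, resource));
    const denied = hits.some((s) => s.Effect === 'Deny'); // explicit Deny wins
    const allowed = hits.some((s) => s.Effect === 'Allow');
    return denied || !allowed;
  });
}

// Constructed policies: one without the two new actions, one with them.
const oldPolicy = { Version: '2012-10-17', Statement: [{ Sid: 'Storage', Effect: 'Allow',
  Action: ['s3:CreateBucket', 's3:PutBucketAcl', 's3:PutObject'],
  Resource: ['arn:aws:s3:::remotionlambda-*'] }] };
const newPolicy = { Version: '2012-10-17', Statement: [{ Sid: 'Storage', Effect: 'Allow',
  Action: [...oldPolicy.Statement[0].Action, ...REQUIRED],
  Resource: ['arn:aws:s3:::remotionlambda-*'] }] };

console.log('old policy is missing:', missingBucketPermissions(oldPolicy));
console.log('new policy is missing:', missingBucketPermissions(newPolicy));
```

An empty result means both actions are allowed for the sample bucket; npx remotion lambda policies validate remains the check against the live account.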