- Create an IAM role with S3 access
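- Create a Lambda function (delete-s3-file) with Ruby 2.7:

  ```ruby
  require 'aws-sdk-s3'

  # Create the client once, outside the handler, so warm invocations reuse it.
  S3_CLIENT = Aws::S3::Client.new

  # Deletes the object named by event['file_path'] from event['bucket'].
  def lambda_handler(event:, context:)
    resp = S3_CLIENT.delete_object({
      bucket: event['bucket'],
      key: event['file_path']
    })
    { statusCode: 200, body: resp.to_h }
  end
  ```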
- Change the Retry attempts setting to 0 in the Asynchronous invocation section, since we don't need retries in our use case
- Attach the S3 delete access role created in step 1
- Create a group (ca-next-developers) with S3 access
- Add a Lambda invoke access policy
  - Edit group -> Permission -> Inline Policies -> Create one
  - Choose Policy Generator and click on Select
  - Allow the AWS Lambda actions InvokeAsync and InvokeFunction
- Add our existing user to the group
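
The handler above deletes whatever bucket and key the caller puts in the event, so anyone in the group who can invoke the function can delete any object the role can reach. The following is an added example, not code from the original page, of the same handler with the event validated first; `ALLOWED_BUCKETS`, `ALLOWED_PREFIX`, `RejectedRequest`, `validate_delete_request` and the optional `client:` keyword are assumptions made for illustration.

```ruby
# Added example. Bucket name and prefix are constructed placeholders.
ALLOWED_BUCKETS = %w[example-uploads-bucket].freeze
ALLOWED_PREFIX  = 'uploads/'

class RejectedRequest < StandardError; end

# Returns [bucket, key] when the event is acceptable, raises RejectedRequest otherwise.
def validate_delete_request(event)
  bucket = event['bucket']
  key    = event['file_path']
  raise RejectedRequest, 'bucket and file_path must be strings' unless bucket.is_a?(String) && key.is_a?(String)
  raise RejectedRequest, 'bucket not allowed' unless ALLOWED_BUCKETS.include?(bucket)
  # The key must name an object below the prefix, not the prefix itself.
  unless key.start_with?(ALLOWED_PREFIX) && key.length > ALLOWED_PREFIX.length
    raise RejectedRequest, 'key outside allowed prefix'
  end
  # S3 treats keys as opaque strings; '..' segments and control characters are
  # rejected here as a conservative choice (an assumption of this example).
  if key.split('/').include?('..') || key.match?(/[\x00-\x1f]/)
    raise RejectedRequest, 'suspicious key'
  end
  [bucket, key]
end

# Loads the SDK lazily so the validation logic can be exercised without it.
def s3_client
  require 'aws-sdk-s3'
  @s3_client ||= Aws::S3::Client.new
end

# Same entry point as the original handler; `client:` exists only so a stub
# can be injected in tests (Lambda itself passes just event: and context:).
def lambda_handler(event:, context:, client: nil)
  bucket, key = validate_delete_request(event)
  (client || s3_client).delete_object(bucket: bucket, key: key)
  { statusCode: 200, body: { bucket: bucket, deleted: key } }
rescue RejectedRequest => e
  # Rejected events never reach S3; the reason is returned to the caller.
  { statusCode: 400, body: { error: e.message } }
end
```

The same boundary can also be enforced in the role from step 1 by scoping its delete permission to the one bucket and prefix, so a bug in the handler cannot widen what is deletable.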