AWS S3 - Able to Upload File from Local but not from Deployed (Access Denied)

Question

My problem is that I cannot upload a file from my deployed project to a S3 bucket, even though I am able to upload from local host. Expect the URL, everything remains the same (headers, body etc.) when I am calling the method.

I am using boto3 to interact with s3 and using created IAM users' credentials. Also, for deployment, I am using AWS Elastic Beanstalk.

Below is the code I am using for uploading;

 def put(self, bytes, data, folder, file_name):
    self.ext = file_name.split(".")[-1]

    if self.__is_audio_ext(self.ext):
        if folder == self.__voice_record:
            self.__create_voice_record(data, folder, file_name)
        elif folder == self.__voice_message:
            self.__create_voice_message(data, folder, file_name)
        else:
            return "Response cannot be constructed."

        self.s3_client.put_object(Body=bytes, Bucket=self.bucket_name, Key=folder + "/" + file_name)

        return "Successfully created at URL " \
               + self.bucket_url + self.bucket_name + "/" + folder + "/" + file_name
    else:
        return "Invalid file type"

Also, below is how I setup the boto3

 def __init__(self):
    self.ext = ""
    self.env = {
        "aws_access_key_id": settings.AWS_ACCESS_KEY_ID,
        "aws_secret_access_key": settings.AWS_SECRET_ACCESS_KEY,
        "region_name": 'eu-central-1'
    }

    self.bucket_name = "********"
    self.session = session.Session(region_name='eu-central-1')
    self.s3_client = self.session.client('s3', config=boto3.session.Config(signature_version='s3v4'))
    self.bucket_url = "http://s3-eu-central-1.amazonaws.com/"

When I make my PUT request to the my server, this is the error I got:

An error occurred (AccessDenied) when calling the PutObject operation: Access Denied"

Note that I created IAM user and give it the full permission of using S3 and I am sure that I am using the right credentials. This can be understood easily from that I can actually upload file from local.

This is why I believe the problem is somewhere between the file in my request and the deployment project. But it does not seem still right to me. Anyway, do not listen to me, I am pretty confused here.

Please do not hesitate asking me about what you do not understand. I may skip clearing some points.

I am working on it for hours and could not come up with any proper solutions, so I will be really glad for any help!

Thanks!

Answer 1

It's too late but hope fully helpful to other new users. We should attach instance profile to EC2 with right permissions for S3 bucket permission and make sure bucket policy should allow to the role attached to instance.

Follow this link