Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS S3 and Django returns "An error occurred (AccessDenied) when calling the PutObject operation"

Tags:

django

amazon-web-services

amazon-s3

I am trying to set up media and static files storage in an AWS S3 bucket, in a Django app, and am getting the following error when I try to run python manage.py collectstatic to put the static files into the bucket:

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

I am running boto3 and django storages. I have trawled through the other answers on here and tried the ideas in there first. My access key etc is correct as I can connect to SES OK. I have CORS configured in the bucket.

My bucket policy is

{
"Id": "Policyxxx",
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "Stmtxxx",
        "Action": "s3:*",
        "Effect": "Allow",
        "Resource": [
            "arn:aws:s3:::bucketname/*",
            "arn:aws:s3:::bucketname"
        ],
        "Principal": {
            "AWS": [
                "arn:aws:iam::xxxx:user/xxxx"
            ]
        }
    }
]
}

My IAM user has AmazonS3FullAccess as below:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "*"
    }
]
}

I have also tried creating my own policy and attaching that to the IAM user as follows:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
            "arn:aws:s3:::bucketname",
            "arn:aws:s3:::bucketname/*"
        ]
    }
]
}

None of these work so I am clearly missing something.

like image 978
pasta1020 Avatar asked Feb 10 '18 15:02

pasta1020

1 Answers

I had the same error. And, unlike you, I was using the right user with proper IAM policies.

In the output of :

python manage.py collectstatic

before the AccessDenied stack error, I could read this message from django-storage lib :

UserWarning: The default behavior of S3Boto3Storage is insecure and will change in django-storages 2.0. By default files and new buckets are saved with an ACL of 'public-read' (globally publicly readable). Version 2.0 will default to using the bucket's ACL. To opt into the new behavior set AWS_DEFAULT_ACL = None, otherwise to silence this warning explicitly set AWS_DEFAULT_ACL. "The default behavior of S3Boto3Storage is insecure and will change "

This led me to try it.

By setting :

AWS_DEFAULT_ACL = None

Then, the static files were collected in the bucket.

like image 167
stockersky Avatar answered Oct 24 '22 06:10

stockersky
Sign in to Comment

Related questions

502 error with nginx + uwsgi +django
Ajax POST not sending data when calling 'request.POST' in Django view
render_to_response gives TemplateDoesNotExist
Format an un-decorated phone number in django?
Submit button no longer works with django crispy forms
Django Queryset: filter by weeks
how to do less than or equal to and greater than equal to in django filter?
How do I redirect domain.com to WWW.domain.com under Django?
Custom user model in admin
Django per user view caching
Django form_valid() and form_invalid() in CreateView not called
Why would you need a slash at the end of a URL?
Where can i get technical information on how the internals of Django works?
Converting a String to List in Python
Understanding Zope internals, from Django eyes
Django: Passing data to view from url dispatcher without including the data in the url?
Change field name in django admin
Deploy to AWS EB failing because of YAML error in python.config
Django Test framework with file based Email backend server
Django custom handler404 shows 404 but gives header 200

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!