AWS S3 and Django returns “An error occurred (AccessDenied) when calling the PutObject operation”

问题

I am trying to set up media and static files storage in an AWS S3 bucket, in a Django app, and am getting the following error when I try to run python manage.py collectstatic to put the static files into the bucket:

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

I am running boto3 and django storages. I have trawled through the other answers on here and tried the ideas in there first. My access key etc is correct as I can connect to SES OK. I have CORS configured in the bucket.

My bucket policy is

{
"Id": "Policyxxx",
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "Stmtxxx",
        "Action": "s3:*",
        "Effect": "Allow",
        "Resource": [
            "arn:aws:s3:::bucketname/*",
            "arn:aws:s3:::bucketname"
        ],
        "Principal": {
            "AWS": [
                "arn:aws:iam::xxxx:user/xxxx"
            ]
        }
    }
]
}

My IAM user has AmazonS3FullAccess as below:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": "*"
    }
]
}

I have also tried creating my own policy and attaching that to the IAM user as follows:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
            "arn:aws:s3:::bucketname",
            "arn:aws:s3:::bucketname/*"
        ]
    }
]
}

None of these work so I am clearly missing something.

回答1:

I had the same error. And, unlike you, I was using the right user with proper IAM policies.

In the output of :

python manage.py collectstatic

before the AccessDenied stack error, I could read this message from django-storage lib :

UserWarning: The default behavior of S3Boto3Storage is insecure and will change in django-storages 2.0. By default files and new buckets are saved with an ACL of 'public-read' (globally publicly readable). Version 2.0 will default to using the bucket's ACL. To opt into the new behavior set AWS_DEFAULT_ACL = None, otherwise to silence this warning explicitly set AWS_DEFAULT_ACL. "The default behavior of S3Boto3Storage is insecure and will change "

This led me to try it.

By setting :

AWS_DEFAULT_ACL = None

Then, the static files were collected in the bucket.

来源：https://stackoverflow.com/questions/48722355/aws-s3-and-django-returns-an-error-occurred-accessdenied-when-calling-the-put

标签

django

amazon-web-services

amazon-s3