Here's the bucket policy for uploading to a specific bucket, in this case `static`.
```json
{
    "Version": "2008-10-17",
    "Id": "StaticAndMediaPermissions",
    "Statement": [
        {
            "Sid": "AllowAnybodyToGetBucketLocation",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetBucketLocation",
            "Resource": "arn:aws:s3:::<bucket_name>"
        },
        {
            "Sid": "AllowCollectstaticUserToListStaticDirectory",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<collectstatic_user_arn_from_iam_user_summary>"
            },
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket_name>",
                "arn:aws:s3:::<bucket_name>/static"
            ]
        },
        {
            "Sid": "AllowCollectstaticUserAccessToAllObjectsInStaticDirectory",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<collectstatic_user_arn_from_iam_user_summary>"
            },
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObjectAcl",
                "s3:ListMultipartUploadParts",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::<bucket_name>/static/*"
        }
    ]
}
```
You will still need to add the IAM user policy from my other answer.
Make sure you have the `AWS_LOCATION` variable set to `/static/` in your `settings.py`. If you don't have that set, this will not work.
Sources:
* http://blogs.aws.amazon.com/security/post/Tx1P2T3LFXXCNB5/Writing-IAM-policies-Grant-access-to-user-specific-folders-in-an-Amazon-S3-bucke - Walked through how to set directory-specific permissions
* https://stackoverflow.com/a/9649233/1999151 - Clued me into using `AWS_LOCATION`
Alternatively, if you want to have separate directories for static and media files, you will need to follow the directions here: https://stackoverflow.com/a/10626241/1999151 and remove `AWS_LOCATION` from `settings.py`.
You will still need to add the IAM user policy from my other answer.
Then you will need to adjust the AWS bucket policy to the following:
```json
{
    "Version": "2008-10-17",
    "Id": "StaticAndMediaPermissions",
    "Statement": [
        {
            "Sid": "AllowAnybodyToGetBucketLocation",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetBucketLocation",
            "Resource": "arn:aws:s3:::<bucket_name>"
        },
        {
            "Sid": "AllowCollectstaticUserToListStaticAndMediaDirectories",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<collectstatic_user_arn_from_iam_user_summary>"
            },
            "Action": [
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket_name>",
                "arn:aws:s3:::<bucket_name>/media",
                "arn:aws:s3:::<bucket_name>/static"
            ]
        },
        {
            "Sid": "AllowCollectstaticUserAccessToAllObjectsInStaticAndMediaDirectories",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<collectstatic_user_arn_from_iam_user_summary>"
            },
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObjectAcl",
                "s3:ListMultipartUploadParts",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket_name>/media/*",
                "arn:aws:s3:::<bucket_name>/static/*"
            ]
        }
    ]
}
```
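To check what the static-only policy above grants before attaching it, here is an added example (not part of the original answer) that evaluates requests against it offline. The bucket name, account ID and user ARN are constructed placeholders, and `is_allowed` is a hypothetical, simplified evaluator: it honours only `Allow` statements with case-sensitive wildcard matching, and ignores `Deny`, `Condition` and the separate IAM user policy.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::example-bucket"                  # constructed bucket ARN
USER = "arn:aws:iam::111122223333:user/collectstatic"   # constructed user ARN
OBJECT_ACTIONS = ["s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject",
                  "s3:PutObjectAcl", "s3:ListMultipartUploadParts", "s3:PutObject"]

# The static-only bucket policy from the answer, placeholders filled in.
POLICY = {"Version": "2008-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetBucketLocation", "Resource": BUCKET},
    {"Effect": "Allow", "Principal": {"AWS": USER},
     "Action": ["s3:ListBucket", "s3:ListBucketMultipartUploads"],
     "Resource": [BUCKET, BUCKET + "/static"]},
    {"Effect": "Allow", "Principal": {"AWS": USER},
     "Action": OBJECT_ACTIONS, "Resource": BUCKET + "/static/*"},
]}


def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def is_allowed(policy, principal, action, resource):
    """True if some Allow statement matches principal, action and resource."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        principals = as_list(stmt["Principal"]["AWS"])
        if not any(p == "*" or p == principal for p in principals):
            continue
        if not any(fnmatchcase(action, a) for a in as_list(stmt["Action"])):
            continue
        if any(fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
            return True
    return False


if __name__ == "__main__":
    checks = [(USER, "s3:PutObject", BUCKET + "/static/css/site.css"),
              (USER, "s3:PutObject", BUCKET + "/media/avatar.png"),
              ("anonymous", "s3:GetObject", BUCKET + "/static/css/site.css"),
              ("anonymous", "s3:GetBucketLocation", BUCKET)]
    for who, action, res in checks:
        print(is_allowed(POLICY, who, action, res), who, action, res)
```

The second check comes back `False` because nothing in the static-only policy covers `media/`, which is the gap the second policy's extra `Resource` entries close.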