5

My problem is that I cannot upload a file from my deployed project to a S3 bucket, even though I am able to upload from local host. Expect the URL, everything remains the same (headers, body etc.) when I am calling the method.

I am using boto3 to interact with s3 and using created IAM users' credentials. Also, for deployment, I am using AWS Elastic Beanstalk.

Below is the code I am using for uploading;

 def put(self, bytes, data, folder, file_name):
    self.ext = file_name.split(".")[-1]

    if self.__is_audio_ext(self.ext):
        if folder == self.__voice_record:
            self.__create_voice_record(data, folder, file_name)
        elif folder == self.__voice_message:
            self.__create_voice_message(data, folder, file_name)
        else:
            return "Response cannot be constructed."

        self.s3_client.put_object(Body=bytes, Bucket=self.bucket_name, Key=folder + "/" + file_name)

        return "Successfully created at URL " \
               + self.bucket_url + self.bucket_name + "/" + folder + "/" + file_name
    else:
        return "Invalid file type"

Also, below is how I setup the boto3

 def __init__(self):
    self.ext = ""
    self.env = {
        "aws_access_key_id": settings.AWS_ACCESS_KEY_ID,
        "aws_secret_access_key": settings.AWS_SECRET_ACCESS_KEY,
        "region_name": 'eu-central-1'
    }

    self.bucket_name = "********"
    self.session = session.Session(region_name='eu-central-1')
    self.s3_client = self.session.client('s3', config=boto3.session.Config(signature_version='s3v4'))
    self.bucket_url = "http://s3-eu-central-1.amazonaws.com/"

When I make my PUT request to the my server, this is the error I got:

An error occurred (AccessDenied) when calling the PutObject operation: Access Denied"

Note that I created IAM user and give it the full permission of using S3 and I am sure that I am using the right credentials. This can be understood easily from that I can actually upload file from local.

This is why I believe the problem is somewhere between the file in my request and the deployment project. But it does not seem still right to me. Anyway, do not listen to me, I am pretty confused here.

Please do not hesitate asking me about what you do not understand. I may skip clearing some points.

I am working on it for hours and could not come up with any proper solutions, so I will be really glad for any help!

Thanks!

Kutay Demireren
  • 640
  • 1
  • 10
  • 25
  • 1
    What do you mean by "upload file from local"? Do you mean that it works from your own (non-EC2) computer, but doesn't work from an EC2 instance? Does the EC2 instance have an assigned Role with the appropriate permissions, or are you just using specific credentials that you are passing in? If using a Role, does `aws s3 ls` work (to test S3 permissions)? That error message definitely says that the credentials used don't have the necessary access. – John Rotenstein Nov 11 '16 at 01:29
  • 1
    Yeah with local I mean the local host. You got the point right there. I do not play with EC2 instance at all, I give permissions to IAM users. I guess I am just using specific credentials. I am not using any role but still I tested aws s3 ls and it does work. I may missing the part with EC2 instance. If you believe that is the case, can you explain more precisely what to do? – Kutay Demireren Nov 11 '16 at 06:57
  • Are you saying that the code (included in your Question) is deployed via Elastic Beanstalk and run on an Amazon EC2 instance? – John Rotenstein Nov 11 '16 at 07:41
  • put_object is default to allow all from Bucket owner/creator. Did you use different credential for deployed environment? – mootmoot Nov 11 '16 at 10:19
  • 2
    have you got solution ? I am stuck in same issue, please guide me what to do. – Arun Prajapati Dec 23 '19 at 09:28

1 Answers1

2

It's too late but hope fully helpful to other new users. We should attach instance profile to EC2 with right permissions for S3 bucket permission and make sure bucket policy should allow to the role attached to instance.

Follow this link

saranjeet singh
  • 868
  • 6
  • 17
  • 1
    Haven't tried as it is late but answer is very correct indeed. For further developers, hope accepting the answer will lead to some help. – Kutay Demireren Aug 01 '22 at 16:02