0

I'm trying to upload a file to my S3 bucket using Postman PUT request with an excel file (binary). URL for a PUT request is automatically generated using boto3 (Python):

upload_url = s3.generate_presigned_url(
        ClientMethod='put_object',
        Params={'Bucket': bucket_name, 'Key': key},
        ExpiresIn=3600,
        HttpMethod='PUT',)

When I try to upload a file to that URL using PUT and generated URL in Postman I get this:

<?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>AccessDenied</Code>
    <Message>Access Denied</Message>
    <RequestId>NumbersAndLetters</RequestId>
    <HostId>NumbersAndLetters</HostId>
</Error>

s3 permissions are:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::12digitnumber:root"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::bucket-name"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::12digitnumber:root"
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::bucket-name/*"
        }
    ]
}
Wai Ha Lee
  • 8,598
  • 83
  • 57
  • 92
Eugene Levy
  • 11
  • 2

2 Answers2

0

Eugene,

according to this discussion, you should use the generate_presigned_post function to generate a URL to use to upload your files.

just to make sure, have you double-checked that the credentials used in the boto3 script to generate the pre-signed URL are the same that you have in your s3 policy?

leoandreotti
  • 41
  • 2
0

The problem was in the template.yaml. You have to add the following policies to your function in the template.yaml:

Policies:
    - S3ReadPolicy:
        BucketName: "bucket-name"
    - S3WritePolicy:
        BucketName: "bucket-name"
Eugene Levy
  • 11
  • 2