Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Flask application deployed through Elasticbean stalk unable to load file in S3

0

Hi,

I am getting below error when trying to upload files in S3 bucket. I checked policies and updated them but still getting error.

2023-01-01T16:08:29.758+05:30
Jan  1 10:38:29 ip-172-31-40-199 web: boto3.exceptions.S3UploadFailedError: Failed to upload static/uploads/alexa.wav to myflask/alexa.wav: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
Jan 1 10:38:29 ip-172-31-40-199 web: boto3.exceptions.S3UploadFailedError: Failed to upload static/uploads/alexa.wav to myflask/alexa.wav: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

Jan  1 10:58:40 ip-172-31-40-199 web: ERROR:aws_xray_sdk.core.context:cannot find the current segment/subsegment, please make sure you have a segment open

Bucket is public and policy applied is

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "myflask-allow-permission-for-saving-audios",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::377727317375:role/aws-elasticbeanstalk-ec2-role"
            },
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:ListBucketVersions",
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::myflask",
                "arn:aws:s3:::myflask/*"
            ]
        }
    ]
}
Themen
KalkulationEntwicklertoolsSicherheit, Identität & Konformität
Tags
AWS Elastic BeanstalkAWS X-RayIAM-Richtlinien
Sprache
English
rePost-User-8055548
gefragt vor einem Jahr300 Aufrufe
2 Antworten
0

In addition to the S3 bucket policy, You should verify that your instance has the correct permissions for Amazon S3.
https://aws.amazon.com/premiumsupport/knowledge-center/elastic-beanstalk-s3-bucket-instance/

By default, aws-elasticbeanstalk-ec2-role is attached as an instance profile to the Elastic Beanstalk applications. Please confirm that the role has the permissions including "s3:PutObject"

Kihyeon
beantwortet vor einem Jahr
  • rePost-User-8055548
    vor einem Jahr

    Hi Kihyeon,

    I searched a lot and later found on a forum that "s3:PutObjectAcl" is also needed along with s3:PutObject, once I added this, it worked perfectly.

  • Kihyeon
    vor einem Jahr

    Thank you for updating the status

0

After adding "s3:PutObjectAcl" along with s3:PutObject, it worked perfectly.

rePost-User-8055548
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt