1 Answer
Is the Django app hosted on EC2?
If hosted on EC2, is the IAM role configured on the EC2?
If an IAM role is set up in EC2, the principal of the bucket policy would need to be the ARN of the IAM role.
The bucket policy would be as follows.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::{ACCOUNT_NUMBER}:role/{IAM_ROLE_NAME}"
      },
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::{BUCKETNAME}/*", "arn:aws:s3:::{BUCKETNAME}"]
    }
  ]
}
```
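An added example, not part of the original answer: a small offline check that tells a bucket policy scoped to a role ARN (as above) apart from one using `"Principal": "*"`, and also reports `s3:*`-style wildcard actions. It is a simplified review aid, not AWS's own public-policy evaluation; the function names, account ID, role name and bucket name are assumptions made up for the sample.

```python
import json

def _as_list(value):
    # IAM policy fields accept either a single value or a list.
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both mean "anyone".
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def audit_bucket_policy(policy_json):
    """Return (sid, finding) tuples for the Allow statements of a bucket policy."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        if _is_wildcard_principal(stmt.get("Principal")):
            # A Condition may narrow the grant, so report it separately for review.
            kind = "wildcard-principal-with-condition" if "Condition" in stmt else "wildcard-principal"
            findings.append((sid, kind))
        if any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", []))):
            findings.append((sid, "wildcard-action"))
    return findings

# Constructed samples; account ID, role name and bucket name are placeholders.
ROLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "Statement1", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-app-role"},
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"]}]})
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}})

if __name__ == "__main__":
    for name, doc in (("role", ROLE_POLICY), ("public", PUBLIC_POLICY)):
        print(name, audit_bucket_policy(doc))
```
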
No, the app is not currently hosted anywhere. It is under development and I am using a development server, i.e. localhost. I am using the boto3 library to allow my app to interface with S3, if that helps.
OK. Understood. In other words, am I correct that you are accessing S3 using an access key? Is access available if block public access is enabled? If the IAM policy is configured correctly, there is no need to disable block public access. Also, is there an error log or other output when accessing the app?
Yes, this is correct. I am passing AWS keys as env variables using the boto3 library. When I turn on "block public access" I cannot view files in my app even with "Principal": "*" added to the policy. However, I am still able to retrieve file names from S3, which I cannot do without using AWS keys. The error in my app is: AccessDeniedAccessDenied37083u4932BKHTYTHI/HUSIHIFTUW10= (the numerical portion of the error is dummy data).
If the appropriate permissions are attached to the IAM user, there should be no problem disabling public access. By the way, can you share what the code for the part that lists the S3 objects looks like?
I only have 1 IAM user and the permission attached to this user is **AmazonS3FullAccess**. I don't have any other permissions attached to this user. Below is the code for S3 object retrieval. The code shared displays files with no issue if I have "Principal": "*" in the bucket policy + public access enabled. It also grabs file names and displays them in my app regardless of whether public access is enabled or disabled, which leads me to believe the connection to the bucket via code isn't the issue. I've swapped the real bucket name for BUCKET_NAME.