By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Flask application deployed through Elasticbean stalk unable to load file in S3

0

Hi,

I am getting below error when trying to upload files in S3 bucket. I checked policies and updated them but still getting error.

2023-01-01T16:08:29.758+05:30
Jan  1 10:38:29 ip-172-31-40-199 web: boto3.exceptions.S3UploadFailedError: Failed to upload static/uploads/alexa.wav to myflask/alexa.wav: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
Jan 1 10:38:29 ip-172-31-40-199 web: boto3.exceptions.S3UploadFailedError: Failed to upload static/uploads/alexa.wav to myflask/alexa.wav: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

Jan  1 10:58:40 ip-172-31-40-199 web: ERROR:aws_xray_sdk.core.context:cannot find the current segment/subsegment, please make sure you have a segment open

Bucket is public and policy applied is

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "myflask-allow-permission-for-saving-audios",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::377727317375:role/aws-elasticbeanstalk-ec2-role"
            },
            "Action": [
                "s3:PutObject",
                "s3:ListBucket",
                "s3:ListBucketVersions",
                "s3:GetObject",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::myflask",
                "arn:aws:s3:::myflask/*"
            ]
        }
    ]
}
Topics
ComputeDeveloper ToolsSecurity, Identity, & Compliance
Tags
AWS Elastic BeanstalkAWS X-RayIAM Policies
Language
English
rePost-User-8055548
asked a year ago294 views
2 Answers
0

In addition to the S3 bucket policy, You should verify that your instance has the correct permissions for Amazon S3.
https://aws.amazon.com/premiumsupport/knowledge-center/elastic-beanstalk-s3-bucket-instance/

By default, aws-elasticbeanstalk-ec2-role is attached as an instance profile to the Elastic Beanstalk applications. Please confirm that the role has the permissions including "s3:PutObject"

Kihyeon
answered a year ago
  • rePost-User-8055548
    a year ago

    Hi Kihyeon,

    I searched a lot and later found on a forum that "s3:PutObjectAcl" is also needed along with s3:PutObject, once I added this, it worked perfectly.

  • Kihyeon
    a year ago

    Thank you for updating the status

0

After adding "s3:PutObjectAcl" along with s3:PutObject, it worked perfectly.

rePost-User-8055548
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content