为什么 boto3 在 EC2 上的 Django 中无法识别我的 AWS_ACCESS_KEY_ID？

Question

I was connecting the S3 to Django on EC2.
I confirmed that it works on the my computer (window),
but when I uploaded it to AWS EC2 Ubuntu and ran it,
I saw the following message. when i ran python manage.py commands

File "/home/ubuntu/django/e/lib/python3.6/site-packages/botocore/session.py", line 821, in create_client aws_secret_access_key)) **botocore.exceptions.PartialCredentialsError: Partial credentials found in explicit, missing: aws_secret_access_key**

But I think I set it up correctly. in my settings.py

AWS_S3_HOST = 's3.me-south-1.amazonaws.com'
AWS_S3_REGION_NAME= config('AWS_S3_REGION_NAME')
AWS_ACCESS_KEY_ID = config('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_kEY = config('AWS_SECRET_ACCESS_kEY')
AWS_STORAGE_BUCKET_NAME = config('AWS_STORAGE_BUCKET_NAME')

I tried

1. Give IAM permission on EC2
2. Delete EC2 retry
3. set env var via export
4. throw away virtualenv and try
5. install awscli and configure it
6. s3 bucket policy configure
7. tried to write it inline because it might not be able to refer to the .env file, but it gave me same message.

I struggled with this problem all day today. When it comes to AWS Config, I think I've tried everything I can. If you have any guesses about the cause of this problem, please give me a hint.

And I only think boto3 looks up keys in a peculiar way on EC2

AWS role setting worked correctly :) And i notice that I should set setting.py AWS_SECRET_ACCESS_kEY and AWS_ACCESS_KEY_ID None when i am using EC2 with IAM role

Answer 1

The real way to resolve this issue is by using EC2 InstanceProfiles linked to an IAM role STS permissions granted to EC2.

It's a bad practice to store your AWS credentials on an instance and you should definitely avoid it.

Create an IAM role with the appropriate permissions and attach it to the instance by selecting "Modify IAM role" when right clicking on it in the console.