从 AWS S3 存储桶加载图像时访问被拒绝错误
[英]Access Denied Error While Loading Images from AWS S3 Buckets
问题描述
I am trying to load my static image files using AWS S3 Buckets in my Django Project, but I am getting access denied error.
我正在尝试使用我的 Django 项目中的 AWS S3 存储桶加载我的 static 图像文件,但我收到拒绝访问错误。 I created a IAM user and granted full access to S3.我创建了一个 IAM 用户并授予对 S3 的完全访问权限。 I also installed django-storages and boto3.我还安装了 django-storages 和 boto3。 I have added 'storages' in INSTALLED_APPS list in settings.py我在 settings.py 的 INSTALLED_APPS 列表中添加了“存储”
This is the error:这是错误:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>41C48F59569D1B9F</RequestId>
<HostId>OBKr0zh+DmpcbvesTTFi9wLmKb4Y8GMgg7knOMKlcVBLkU47SKPEyttj4sUjY3cbu8hkfjCpos0=</HostId>
</Error>
This is my settings.py configuration:这是我的 settings.py 配置:
STATIC_URL = '/static/'
STATICFILES_DIRS = [
os.path.join(BASE_DIR, 'static')
]
MEDIA_URL = '/images/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'static/images')
AWS_ACCESS_KEY_ID = '***'
AWS_SECRET_ACCESS_KEY = '***'
AWS_STORAGE_BUCKET_NAME = 'bucket-name'
AWS_S3_FILE_OVERWRITE = False
AWS_DEFAULT_ACL = None
AWS_S3_REGION_NAME = 'us-east-2'
DEFAULT_FILE_STORAGE = 'storages.backends.s3boto3.S3Boto3Storage'
STATICFILES_STORAGE = 'storages.backends.s3boto3.S3StaticStorage'
This is my CORS code:这是我的 CORS 代码:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"POST",
"GET",
"PUT"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
This is my Bucket-Policy:这是我的桶策略:
{
"Version": "2012-10-17",
"Id": "ExamplePolicy01",
"Statement": [
{
"Sid": "PublicReadForGetBucketObjects",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::sample"
},
"Action": [
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucket/*",
"arn:aws:s3:::bucket"
]
}
]
}
3 个解决方案
解决方案1
1 已采纳 2021-02-03 21:29:34
First of all, you need to go to Permissions tab and uncheck Block all public access.首先,您需要 go 到 Permissions 选项卡并取消选中 Block all public access。 Then in the properties tab of the bucket there is an option called 'Static Website Hosting'.然后在存储桶的属性选项卡中,有一个名为“静态网站托管”的选项。 You need to enable it and set configurations.您需要启用它并设置配置。 In my case, I used 'Redirect Request' and set the url path as 'http://bucket-name.s3-website.us-east-2.amazonaws.com'就我而言,我使用了“重定向请求”并将 url 路径设置为“http://bucket-name.s3-website.us-east-2.amazonaws.com”
Then, I checked select all box to select all the individual static files and in Actions I selected 'Make Public'然后,我检查了 select 所有框到 select 所有单个 static 文件并在操作中我选择了“公开”
This helped me to load my static files in Django Project.这帮助我在 Django 项目中加载了我的 static 文件。
My CORS code is:我的 CORS 代码是:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"POST",
"GET",
"PUT"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
My Bucket Policy is:我的存储桶策略是:
{
"Version": "2012-10-17",
"Id": "ExamplePolicy01",
"Statement": [
{
"Sid": "PublicReadForGetBucketObjects",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:user/bucket"
},
"Action": [
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucket/*",
"arn:aws:s3:::bucket"
]
}
]
}
解决方案2
1 2021-03-07 00:21:20
Please make sure the bucket policy is in correct format:请确保存储桶策略格式正确:
{
"Version": "2012-10-17",
"Id": "ExamplePolicy01",
"Statement": [
{
"Sid": "PublicReadForGetBucketObjects",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::111122223333:user/bucket"
},
"Action": [
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucket/*",
"arn:aws:s3:::bucket"
]
}
]
}
解决方案3
0 2021-02-03 20:37:29
You can just allow public reads on the bucket via the policy Granting Read-Only Permission to an Anonymous User您可以通过将只读权限授予匿名用户的策略来允许对存储桶进行公开读取
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"PublicRead",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject","s3:GetObjectVersion"],
"Resource":["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]
}
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.