[英]AWS Elastic Beanstalk Python Django S3 Access Denied cannot upload / read file
I have deployed Python Django server on AWS Elastic Beanstalk .我已经在AWS Elastic Beanstalk上部署了Python Django服务器。 This is how my settings.py file looks like:这是我的settings.py文件的样子:
# aws settings
AWS_ACCESS_KEY_ID = os.getenv('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_KEY = os.getenv('AWS_SECRET_ACCESS_KEY')
AWS_STORAGE_BUCKET_NAME = os.getenv('AWS_STORAGE_BUCKET_NAME')
AWS_DEFAULT_ACL = None
AWS_S3_CUSTOM_DOMAIN = f'{AWS_STORAGE_BUCKET_NAME}.s3.amazonaws.com'
AWS_S3_OBJECT_PARAMETERS = {'CacheControl': 'max-age=86400'}
# s3 static settings
STATIC_URL = '/staticfiles/'
STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
# s3 public media settings
PUBLIC_MEDIA_LOCATION = 'media'
MEDIA_URL = f'https://{AWS_S3_CUSTOM_DOMAIN}/{PUBLIC_MEDIA_LOCATION}/'
DEFAULT_FILE_STORAGE = 'hello_django.storage_backends.PublicMediaStorage'
# s3 private media settings
PRIVATE_MEDIA_LOCATION = 'private'
PRIVATE_FILE_STORAGE = 'hello_django.storage_backends.PrivateMediaStorage'
In AWS I created IAM user with AmazonS3FullAccess permission, and I use his AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in settings.在 AWS 中,我创建了具有AmazonS3FullAccess权限的 IAM 用户,并在设置中使用了他的 AWS_ACCESS_KEY_ID 和 AWS_SECRET_ACCESS_KEY。
The problem is that when I try to read media file from the file link I always get " Access denied " error, even if I specify PublicMediaStorage and give all public access on S3 bucket.问题是当我尝试从文件链接读取媒体文件时,我总是得到“拒绝访问”错误,即使我指定 PublicMediaStorage 并在 S3 存储桶上提供所有公共访问权限。
Also, when I upload file, the folder (eg 'media') in bucket does not get created.此外,当我上传文件时,不会创建存储桶中的文件夹(例如“媒体”)。
Do you have idea what could the problem?你知道可能是什么问题吗?
How about assigning an IAM role to Elastic BeanStalk's IAM instance profile?如何将 IAM 角色分配给 Elastic BeanStalk 的 IAM 实例配置文件? Using IAM roles is more secured than committing your AWS_KEYS in your code.使用 IAM 角色比在代码中提交 AWS_KEYS 更安全。
See -看 -
Content of the first link-第一个链接的内容-
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.