(Django + S3) + Zappa: An error occurred (400) when calling the HeadObject operation: Bad Request



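I have a project with Django and S3 (ACLs enabled: private, public), and the deployment is done with Zappa. When I try to upload a file to a specific S3 bucket through the Django admin, I receive the following error.

Error: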

ClientError at /admin/main/document/1/change/
An error occurred (400) when calling the HeadObject operation: Bad Request
Request Method: POST
Request URL:    https://xxxxx.execute-api.us-east-1.amazonaws.com/prd/admin/main/document/1/change/
Django Version: 3.2.3
Exception Type: ClientError
Exception Value:    
An error occurred (400) when calling the HeadObject operation: Bad Request
Exception Location: /var/runtime/botocore/client.py, line 719, in _make_api_call
Python Executable:  /var/lang/bin/python3.8
Python Version: 3.8.13
Python Path:    
['/var/task',
'/opt/python/lib/python3.8/site-packages',
'/opt/python',
'/var/runtime',
'/var/lang/lib/python38.zip',
'/var/lang/lib/python3.8',
'/var/lang/lib/python3.8/lib-dynload',
'/var/lang/lib/python3.8/site-packages',
'/opt/python/lib/python3.8/site-packages',
'/var/task',
'/var/task/odf',
'/var/task/odf',
'/var/task/odf',
'/var/task/odf',
'/var/task/odf',
'/var/task/odf',
'/var/task/odf']
Server time:    Wed, 17 Aug 2022 05:20:25 +0000
/var/task/storages/backends/s3boto3.py, line 469, in exists
self.connection.meta.client.head_object(Bucket=self.bucket_name, Key=name) 

zappa_settings.json

{
    "prd": {
        "aws_region": "us-east-1",
        "django_settings": "xxx.settings",
        "profile_name": "default",
        "project_name": "xxxx",
        "runtime": "python3.8",
        "s3_bucket": "zappa-xxx-prd",
        "environment_variables": {
            "AWS_DEFAULT_REGION": "us-east-1",
            "AWS_S3_ACCESS_KEY_ID": "xxxxxxx",
            "AWS_S3_SECRET_ACCESS_KEY": "xxxxxx",
            "AWS_ACCESS_KEY_ID": "xxxxx",
            "AWS_SECRET_ACCESS_KEY": "xxxxxx"
        }
    }
}

The user (aws configure) has the following general policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "lambda:*",
                "s3:*",
                "events:*",
                "iam:CreateServiceSpecificCredential",
                "iam:GetRole",
                "iam:CreateRole",
                "iam:PutRolePolicy",
                "iam:PassRole",
                "iam:CreateServiceLinkedRole",
                "apigateway:PUT",
                "apigateway:DELETE",
                "apigateway:PATCH",
                "apigateway:POST",
                "apigateway:GET",
                "logs:DescribeLogStreams",
                "logs:FilterLogEvents",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStacks",
                "cloudformation:CreateStack",
                "cloudformation:DeleteStack",
                "cloudformation:UpdateStack",
                "cloudformation:ListStackResources"
            ],
            "Resource": "*"
        }
    ]
}

Zappa Lambda execution role (default):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:*"
            ],
            "Resource": "arn:aws:logs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:InvokeFunction"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AttachNetworkInterface",
                "ec2:CreateNetworkInterface",
                "ec2:DeleteNetworkInterface",
                "ec2:DescribeInstances",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DetachNetworkInterface",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:ResetNetworkInterfaceAttribute"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "kinesis:*"
            ],
            "Resource": "arn:aws:kinesis:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:*"
            ],
            "Resource": "arn:aws:sns:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sqs:*"
            ],
            "Resource": "arn:aws:sqs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:*"
            ],
            "Resource": "arn:aws:dynamodb:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:*"
            ],
            "Resource": "*"
        }
    ]
}

Statics bucket ACL policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::xxxx-prd-statics/*"
        }
    ]
}

requirements.txt

boto3==1.18.5
botocore==1.21.5
certifi==2021.5.30
click==8.0.1
decorator==5.0.9
Django==3.2.3
django-cors-headers==3.7.0
django-extensions==3.1.3
django-filter==2.4.0
django-import-export==2.5.0
djangorestframework==3.12.4
pip-tools==6.2.0
graphene==2.1.9
graphene-file-upload==1.3.0
psycopg2==2.8.6
psycopg2-binary==2.8.6
python-dateutil==2.8.2
PyYAML==5.4.1
requests==2.26.0
Pillow==9.0.1
zappa==0.55.0
PyJWT==v1.7.1
text-unidecode==1.3
django-graphql-jwt==0.3.0
django-graphql-auth==0.3.14
django-admin-interface==0.18.7
django-storages==1.12.3
django-mptt==0.13.4
awscli==1.20.5

If anyone knows how to solve this, I would appreciate it; I don't know much about AWS permissions.

My solution was to remove the following properties from zappa_settings.json and settings.py:

"AWS_S3_ACCESS_KEY_ID": "xxxxxxx",
"AWS_S3_SECRET_ACCESS_KEY": "xxxxxx",
"AWS_ACCESS_KEY_ID": "xxxxx",
"AWS_SECRET_ACCESS_KEY": "xxxxxx"
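
As an added example (not part of the original answer and not Zappa's own code), the check below flags stages of a zappa_settings.json that hard-code AWS keys, the properties the answer removed, so that boto3 uses the credentials of the Lambda execution role instead. It assumes Zappa's `extends` inheritance is a shallow merge; the function names and the `dev` and `clean` stages are hypothetical.

```python
# Names boto3 and django-storages read static AWS keys from. On Lambda the
# execution role already supplies credentials, so a stage should set none.
CREDENTIAL_VARS = {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
                   "AWS_S3_ACCESS_KEY_ID", "AWS_S3_SECRET_ACCESS_KEY"}
# Zappa stage keys that inject environment variables into the function.
ENV_KEYS = ("environment_variables", "aws_environment_variables")


def resolve_stage(settings, stage, seen=()):
    """Apply Zappa's `extends`; assumed shallow: a child key replaces the parent's."""
    if stage in seen:
        raise ValueError(f"circular extends at stage {stage!r}")
    own = settings[stage]
    parent = own.get("extends")
    base = resolve_stage(settings, parent, seen + (stage,)) if parent else {}
    return {**base, **own}


def static_credential_vars(settings):
    """Map stage -> sorted 'section.NAME' entries that hard-code AWS keys."""
    findings = {}
    for stage in settings:
        resolved = resolve_stage(settings, stage)
        hits = sorted(f"{section}.{name}"
                      for section in ENV_KEYS
                      for name in resolved.get(section, {})
                      if name.upper() in CREDENTIAL_VARS)
        if hits:
            findings[stage] = hits
    return findings


# Constructed sample modelled on the question's zappa_settings.json; the "dev"
# and "clean" stages are hypothetical and only exercise inheritance.
SAMPLE = {
    "prd": {"environment_variables": {
        "AWS_DEFAULT_REGION": "us-east-1",
        "AWS_S3_ACCESS_KEY_ID": "xxxxxxx", "AWS_S3_SECRET_ACCESS_KEY": "xxxxxx",
        "AWS_ACCESS_KEY_ID": "xxxxx", "AWS_SECRET_ACCESS_KEY": "xxxxxx"}},
    "dev": {"extends": "prd", "aws_region": "us-east-1"},
    "clean": {"environment_variables": {"AWS_DEFAULT_REGION": "us-east-1"}},
}

if __name__ == "__main__":
    for stage, hits in static_credential_vars(SAMPLE).items():
        print(f"{stage}: remove {', '.join(hits)}")
```

To check a real file, pass `json.load(open("zappa_settings.json"))` to `static_credential_vars`; the same names should also be absent from settings.py.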
