我有一个flask应用程序,它会调用boto3上传文件,将文件上传到S3存储桶。我以IAM用户的身份进行此调用,因为只有经过身份验证的用户才能进行多部分上传。
以下是将文件上传到S3 bucket的python代码部分:
s3_client = boto3.client('s3', aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY)
response = s3_client.upload_file(file_name, bucket, object_name)
S3存储桶策略:
{
"Version": "2012-10-17",
"Id": "Policy*********",
"Statement": [
{
"Sid": "Stmt*********",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12******756:user/<iam-user>"
},
"Action": [
"s3:*",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:*Object"
],
"Resource": [
"arn:aws:s3:::<bucketname>",
"arn:aws:s3:::<bucketname>/*"
]
}
]
}
IAM用户策略:
- 我已将以下权限以及AmazonS3FullAccess(AWS管理的策略(分配给IAM用户-
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:GetAccessPoint",
"s3:PutAccountPublicAccessBlock",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:ListAccessPoints",
"s3:ListJobs",
"s3:CreateJob",
"s3:PutObject"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::*/*"
}
]
}
然而,我仍然看到错误——";调用PutObject操作时发生错误(AccessDenied(:Access Denied";。
任何关于如何解决这一问题的建议都将对非常有用
编辑:在此处添加错误和堆栈跟踪:
Traceback (most recent call last):
File "/Users/se/lib/python3.7/site-packages/boto3/s3/transfer.py", line 279, in upload_file
future.result()
File "/Users/se/lib/python3.7/site-packages/s3transfer/futures.py", line 106, in result
return self._coordinator.result()
File "/Users/se/lib/python3.7/site-packages/s3transfer/futures.py", line 265, in result
raise self._exception
File "/Users/se/lib/python3.7/site-packages/s3transfer/tasks.py", line 126, in __call__
return self._execute_main(kwargs)
File "/Users/se/lib/python3.7/site-packages/s3transfer/tasks.py", line 150, in _execute_main
return_value = self._main(**kwargs)
File "/Users/se/lib/python3.7/site-packages/s3transfer/upload.py", line 692, in _main
client.put_object(Bucket=bucket, Key=key, Body=body, **extra_args)
File "/Users/se/lib/python3.7/site-packages/botocore/client.py", line 276, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/se/lib/python3.7/site-packages/botocore/client.py", line 586, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "moveToS3.py", line 76, in <module>
main()
File "moveToS3.py", line 65, in main
response = upload_file(file_name, bucket_name, object_name)
File "moveToS3.py", line 39, in upload_file
response = s3_client.upload_file(file_name, bucket, object_name)
File "/Users/se/lib/python3.7/site-packages/boto3/s3/inject.py", line 131, in upload_file
extra_args=ExtraArgs, callback=Callback)
File "/Users/se/lib/python3.7/site-packages/boto3/s3/transfer.py", line 287, in upload_file
filename, '/'.join([bucket, key]), e))
boto3.exceptions.S3UploadFailedError: Failed to upload output1.txt to <bucketname>/01-12-2020 06:54:36 output.txt: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
我看到,您正在使用upload_file函数,并将file_name、bucket和object_key作为参数传递给该函数。
根据错误日志,bucket的值为<bucketname>,object_key为01-12-2020 06:54:36 output.txt。我相信,一旦你通过了适当的值,这应该对你的有效
突出问题的错误日志:
boto3.exceptions.S3UploadFailedError:无法将output1.txt上载到<桶名>01-12-2020 06:54:36 output.txt:调用PutObject操作时发生错误(AccessDenied(:Access Denied