Reputation: 69
Boto3 Upload file API as an IAM user is giving the error "An error occurred (AccessDenied) when calling the PutObject operation: Access Denied"
I have a flask application that makes a boto3 upload file call to upload a file to an S3 bucket. I am making this call as an IAM user since only authenticated users can make a multipart upload.
Here is the part of the python code that uploads the file onto S3 bucket:
s3_client = boto3.client('s3', aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY)
response = s3_client.upload_file(file_name, bucket, object_name)
S3 bucket policy:
{
"Version": "2012-10-17",
"Id": "Policy*********",
"Statement": [
{
"Sid": "Stmt*********",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::12******756:user/<iam-user>"
},
"Action": [
"s3:*",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:*Object"
],
"Resource": [
"arn:aws:s3:::<bucketname>",
"arn:aws:s3:::<bucketname>/*"
]
}
]
}
IAM user policy:
- I have assigned the following permissions to the IAM user along with AmazonS3FullAccess (AWS managed policy) -
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:GetAccessPoint",
"s3:PutAccountPublicAccessBlock",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:ListAccessPoints",
"s3:ListJobs",
"s3:CreateJob",
"s3:PutObject"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::*/*"
}
]
}
However, I am still seeing the error - "An error occurred (AccessDenied) when calling the PutObject operation: Access Denied".
Any suggestions on how to fix this will be very helpful
EDIT: Adding the error and stack trace here:
Traceback (most recent call last):
File "/Users/se/lib/python3.7/site-packages/boto3/s3/transfer.py", line 279, in upload_file
future.result()
File "/Users/se/lib/python3.7/site-packages/s3transfer/futures.py", line 106, in result
return self._coordinator.result()
File "/Users/se/lib/python3.7/site-packages/s3transfer/futures.py", line 265, in result
raise self._exception
File "/Users/se/lib/python3.7/site-packages/s3transfer/tasks.py", line 126, in __call__
return self._execute_main(kwargs)
File "/Users/se/lib/python3.7/site-packages/s3transfer/tasks.py", line 150, in _execute_main
return_value = self._main(**kwargs)
File "/Users/se/lib/python3.7/site-packages/s3transfer/upload.py", line 692, in _main
client.put_object(Bucket=bucket, Key=key, Body=body, **extra_args)
File "/Users/se/lib/python3.7/site-packages/botocore/client.py", line 276, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/se/lib/python3.7/site-packages/botocore/client.py", line 586, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "moveToS3.py", line 76, in <module>
main()
File "moveToS3.py", line 65, in main
response = upload_file(file_name, bucket_name, object_name)
File "moveToS3.py", line 39, in upload_file
response = s3_client.upload_file(file_name, bucket, object_name)
File "/Users/se/lib/python3.7/site-packages/boto3/s3/inject.py", line 131, in upload_file
extra_args=ExtraArgs, callback=Callback)
File "/Users/se/lib/python3.7/site-packages/boto3/s3/transfer.py", line 287, in upload_file
filename, '/'.join([bucket, key]), e))
boto3.exceptions.S3UploadFailedError: Failed to upload output1.txt to <bucketname>/01-12-2020 06:54:36 output.txt: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
Upvotes: 0
Views: 849
Answers (1)
Reputation: 1058
I see that, you are using upload_file function and passing file_name, bucket and object_key as arguments to this function.
according to error log , the value of bucket is <bucketname> and object_key is 01-12-2020 06:54:36 output.txt. I believe once you pass appropriate values, this should work for you
Error log which highlights the issue:
boto3.exceptions.S3UploadFailedError: Failed to upload output1.txt to <bucketname>/01-12-2020 06:54:36 output.txt: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
Upvotes: 0
Related Questions
- boto3.exceptions.S3UploadFailedError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
- AWS Boto3 Failure to Upload File Object
- boto3 giving Access Denied error while uploading file through python
- Boto3 returns An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
- Error in uploading file in S3 using boto 3
- Uploading a file through boto3 upload_file api to AWS S3 bucket gives "Anonymous users cannot initiate multipart uploads. Please authenticate." error
- Direct s3 boto3 File Upload: Access Denied
- An error occurred (AccessDenied) when calling the PutObject operation: Access Denied python
- boto3: generate_presigned_url get access denied during upload
- Upload file to AWS S3 using Boto3 with full access permissions