Reputation: 12445
I use [django-s3direct][1] to upload files to an S3 bucket.
Once the file is uploaded, this URL appears:
https://s3.ap-northeast-1.amazonaws.com/cdk-sample-bk/line-assets/images/e236fc508939466a96df6b6066f418ec/1040
However, when accessing it from a browser, this error comes:
```
<Error>
<script/>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>025WQBJQ5K2W5Z5W</RequestId>
<HostId>FF3VeIft8zSQ7mRK1a5e4l8jolxHBB40TEh6cPhW0qQtDqT7k3ptgCQt3/nusiehDIXkgvxXkcc=</HostId>
</Error>
```
Can I use the s3.ap-northeast-1.amazonaws.com URL now, or do I need to create an access point?
Access permission is public and block public access is off.
The bucket policy is like this:
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::678100228133:role/st-dev-base-stack-CustomS3AutoDeleteObjectsCustomR-MLBJDQF3OWFJ"
            },
            "Action": [
                "s3:GetBucket*",
                "s3:List*",
                "s3:DeleteObject*"
            ],
            "Resource": [
                "arn:aws:s3:::cdk-st-dev-sample-bk",
                "arn:aws:s3:::cdk-st-dev-sample-bk/*"
            ]
        }
    ]
}
```
Are there any other things I need to check?
Upvotes: 0
Views: 1022
Reputation: 659
As @marcin said, your bucket policy only allows the actions for the IAM role `arn:aws:iam::678100228133:role/st-dev-base-stack-CustomS3AutoDeleteObjectsCustomR-MLBJDQF3OWFJ`. If you want to have all your objects accessible to the public (would not recommend write), you need to change your bucket policy as follows:
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetBucket*",
                "s3:GetObject",
                "s3:List*",
                "s3:DeleteObject*"
            ],
            "Resource": [
                "arn:aws:s3:::cdk-st-dev-sample-bk",
                "arn:aws:s3:::cdk-st-dev-sample-bk/*"
            ]
        }
    ]
}
```
The above policy makes all of your bucket objects accessible to the public (also allows the public to delete them!!). My recommendation would be to use django-storages and presigned URLs to allow your users to access your bucket objects.
Upvotes: 2
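An added example (not part of the question or the answer above): a small offline check of what each bucket policy grants to an anonymous request, which shows why the original policy returns AccessDenied and what the `"Principal": "*"` policy exposes. It is a simplified model that evaluates only `Allow` statements and ignores `Condition`, `Deny`, ACLs and Block Public Access; the object key and `READ_ONLY_POLICY` are constructed for illustration.

```python
import fnmatch

BUCKET = "arn:aws:s3:::cdk-st-dev-sample-bk"
ROLE = ("arn:aws:iam::678100228133:role/"
        "st-dev-base-stack-CustomS3AutoDeleteObjectsCustomR-MLBJDQF3OWFJ")

def _policy(principal, actions, resources):
    # Build a single-statement Allow policy in the shape used on this page.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal,
         "Action": actions, "Resource": resources}]}

QUESTION_POLICY = _policy({"AWS": ROLE},
    ["s3:GetBucket*", "s3:List*", "s3:DeleteObject*"], [BUCKET, BUCKET + "/*"])
ANSWER_POLICY = _policy("*",
    ["s3:GetBucket*", "s3:GetObject", "s3:List*", "s3:DeleteObject*"],
    [BUCKET, BUCKET + "/*"])
# Constructed variant (assumption): public read of objects only, nothing else.
READ_ONLY_POLICY = _policy("*", ["s3:GetObject"], [BUCKET + "/*"])

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" and {"AWS": "*"} both match any caller, including anonymous ones.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def anonymous_allows(policy, action, resource):
    """True if some public Allow statement matches the action and resource."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        # Action names are case-insensitive; resource ARNs are case-sensitive.
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(resource, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

def public_exposure(policy, key="line-assets/images/example"):
    """Map each probed action to whether an anonymous caller is allowed."""
    obj = BUCKET + "/" + key  # constructed object key
    probes = {"s3:GetObject": obj, "s3:PutObject": obj,
              "s3:DeleteObject": obj, "s3:ListBucket": BUCKET}
    return {action: anonymous_allows(policy, action, res)
            for action, res in probes.items()}

if __name__ == "__main__":
    for name in ("QUESTION_POLICY", "ANSWER_POLICY", "READ_ONLY_POLICY"):
        print(name, public_exposure(globals()[name]))
```
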