Question:

Boto3 Upload file API as an IAM user gives the error "An error occurred (AccessDenied) when calling the PutObject operation: Access Denied"

居乐池
2023-03-14

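I have a Flask application that calls boto3's upload_file to upload files to an S3 bucket. I am making this call as an IAM user, because only authenticated users can perform multipart uploads.

Below is the part of the Python code that uploads the file to the S3 bucket: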

    s3_client = boto3.client('s3', aws_access_key_id=ACCESS_KEY, aws_secret_access_key=SECRET_KEY)

    response = s3_client.upload_file(file_name, bucket, object_name)

S3 bucket policy:

{
    "Version": "2012-10-17",
    "Id": "Policy*********",
    "Statement": [
        {
            "Sid": "Stmt*********",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::12******756:user/<iam-user>"
            },
            "Action": [
                "s3:*",
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:*Object"
            ],
            "Resource": [
                "arn:aws:s3:::<bucketname>",
                "arn:aws:s3:::<bucketname>/*"
            ]
        }
    ]
}

IAM user policy:

  • I have assigned the following permissions to the IAM user, along with AmazonS3FullAccess (AWS managed policy) -
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetAccessPoint",
                "s3:PutAccountPublicAccessBlock",
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:ListAccessPoints",
                "s3:ListJobs",
                "s3:CreateJob",
                "s3:PutObject"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::*/*"
        }
    ]
}

However, I still see the error - "An error occurred (AccessDenied) when calling the PutObject operation: Access Denied".

Any suggestions on how to resolve this would be very helpful.

Edit: adding the error and stack trace here:

Traceback (most recent call last):
  File "/Users/se/lib/python3.7/site-packages/boto3/s3/transfer.py", line 279, in upload_file
    future.result()
  File "/Users/se/lib/python3.7/site-packages/s3transfer/futures.py", line 106, in result
    return self._coordinator.result()
  File "/Users/se/lib/python3.7/site-packages/s3transfer/futures.py", line 265, in result
    raise self._exception
  File "/Users/se/lib/python3.7/site-packages/s3transfer/tasks.py", line 126, in __call__
    return self._execute_main(kwargs)
  File "/Users/se/lib/python3.7/site-packages/s3transfer/tasks.py", line 150, in _execute_main
    return_value = self._main(**kwargs)
  File "/Users/se/lib/python3.7/site-packages/s3transfer/upload.py", line 692, in _main
    client.put_object(Bucket=bucket, Key=key, Body=body, **extra_args)
  File "/Users/se/lib/python3.7/site-packages/botocore/client.py", line 276, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/se/lib/python3.7/site-packages/botocore/client.py", line 586, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "moveToS3.py", line 76, in <module>
    main()
  File "moveToS3.py", line 65, in main
    response = upload_file(file_name, bucket_name, object_name)
  File "moveToS3.py", line 39, in upload_file
    response = s3_client.upload_file(file_name, bucket, object_name)
  File "/Users/se/lib/python3.7/site-packages/boto3/s3/inject.py", line 131, in upload_file
    extra_args=ExtraArgs, callback=Callback)
  File "/Users/se/lib/python3.7/site-packages/boto3/s3/transfer.py", line 287, in upload_file
    filename, '/'.join([bucket, key]), e))
boto3.exceptions.S3UploadFailedError: Failed to upload output1.txt to <bucketname>/01-12-2020 06:54:36 output.txt: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

1 answer

乐正明辉
2023-03-14

I see that you are using the upload_file function and passing file_name, bucket and object_key as the arguments to that function.

According to the error log, the value of bucket is

The error log that highlights the issue:

boto3.exceptions.S3UploadFailedError: Failed to upload output1.txt
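
Added example, not part of the original question or answer: a simplified offline check of which Allow statements in the posted policies match an s3:PutObject request, and which Action entries are redundant next to `s3:*`. The policies are constructed copies of the ones in the question; the bucket name `example-bucket`, the object key and the function names are assumptions.

```python
import re

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def allowing_statements(policy, action, resource):
    """Sids of Allow statements whose Action and Resource match the request.
    Simplified: ignores Principal, Condition, NotAction/NotResource and Deny."""
    sids = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        action_ok = any(_match(a, action, True) for a in _as_list(st["Action"]))
        resource_ok = any(_match(r, resource) for r in _as_list(st["Resource"]))
        if action_ok and resource_ok:
            sids.append(st.get("Sid", "<no Sid>"))
    return sids

def shadowed_actions(statement):
    """Action entries already covered by a broader entry in the same statement."""
    acts = _as_list(statement["Action"])
    return [a for a in acts if any(b != a and _match(b, a, True) for b in acts)]

# Constructed copies of the question's policies; "example-bucket" is a placeholder.
USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
     "Action": ["s3:GetAccessPoint", "s3:PutAccountPublicAccessBlock",
                "s3:GetAccountPublicAccessBlock", "s3:ListAllMyBuckets",
                "s3:ListAccessPoints", "s3:ListJobs", "s3:CreateJob",
                "s3:PutObject"]},
    {"Sid": "VisualEditor1", "Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::*"},
    {"Sid": "VisualEditor2", "Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::*/*"}]}
BUCKET_STATEMENT = {  # Principal omitted: this check does not evaluate it
    "Effect": "Allow",
    "Action": ["s3:*", "s3:PutObject", "s3:GetObject", "s3:DeleteObject",
               "s3:*Object"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}

if __name__ == "__main__":
    target = "arn:aws:s3:::example-bucket/output.txt"  # constructed object ARN
    print(allowing_statements(USER_POLICY, "s3:PutObject", target))
    print(shadowed_actions(BUCKET_STATEMENT))
```

The check ignores explicit Deny statements and Condition keys, which the real policy evaluation applies before any Allow takes effect.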
