Request: Getting Access Denied when accessing to media images stored on S3 - Production. See image: https://undercard-18898.s3.amazonaws.com/media/user_photo/userProfile_musk0rL.jpg. Issue seems to happen in Staging too.
Project ID: undercard-18898
cc @mayankkushal @shabeeb
Hi @jorge.m, thanks for reporting this.
Please make sure you are specifying correct object permissions when you upload them.
Everyone should have
@dmitrii.k it was working till a few days back, this issue came recently
Your bucket is configured to be private by default, which will be the default ACL Boto3 inherits, unless you provide an alternative configuration (which you can set through environment variables also).
You’ve also recently updated your
Pipfile.lock, which consequently updated Boto3 for you, and might have included this PR - [s3] Restore AWS_DEFAULT_ACL handling #934, which in turn brought back
AWS_DEFAULT_ACL, that was removed back in 2018.
Looking at permissions set on the objects in your bucket, timestamps of objects with
public-read not being set seem to align with this PR and
AWS_DEFAULT_ACL env var through your CB Dashboard to
public-read and see if that rectifies the issue.
@dmitrii.k just a follow up here. This is an issue in Production and we have some pressure from the client to fix it
@jorge.m, this setting will affect only the files you upload after you’ve set it, files that you’ve uploaded before this setting was set will remain with restricted access. I will set this variable on staging for you, too.
@mayankkushal, please refer to the documentation for Boto3 (links posted above), to make use of the
AWS_DEFAULT_ACL env var, or update your code to specifically pass the permissions you want to set on files.
I’ll DM you temporary keys for your staging bucket.
@dmitrii.k I have tested with new files after setting the var. Same result…