Closed nitsujri closed 1 week ago
Did you see #1399? It added pulling the session_token from the env as well. Does that resolve the issue?
EDIT: Never mind, it looks like this change is unreleased as of 1.14.3.
@jschneier I just installed 1.14.3 into a fresh venv via pip and storages/backends/s3.py's
get_default_settings()
is still:"security_token": setting( "AWS_SESSION_TOKEN", setting("AWS_SECURITY_TOKEN") ),
Maybe something went wrong with the release?
Did you see #1399? It added pulling the session_token from the env as well. Does that resolve the issue?
Did I not reply to this? So sorry. I tested it the next day and it worked great. Can't wait for the release.
I have the same problem with version 1.14.3. My code runs on AWS Lambda and access to S3 is done via an access policy. So Boto doesn't need any config. But from the error message, it looks like a config has been passed.
An error occurred (InvalidAccessKeyId) when calling the PutObject operation: The AWS Access Key Id you provided does not exist in our records.
Ok I tried the master version and it's working 🍾
@jschneier, can you release a new version please ? It's a pretty critical bug imho.
New release is now out.
Problem
Tickets https://github.com/jschneier/django-storages/issues/1353 and https://github.com/jschneier/django-storages/issues/1361 was hoped to be fixed by https://github.com/jschneier/django-storages/pull/1336 for AWS Lambda/ECS where you can automatically use
AWS_SESSION_TOKEN
, but for me it does not.I got help from AWS Support because I was really confused about where the problem was as it initially appeared as if the Execution Role could list buckets but not read into them and only when I hard coded KeyId+Secret did it work (I think that's what #1353 found too).
Using v1.14.3 I get this error from Django:
An error occurred (InvalidAccessKeyId) when calling the PutObject operation: The AWS Access Key Id you provided does not exist in our records.
AWS Support provided logs where the
Actor
has a<null>
in it:This is a working request using
boto3.Session().client("s3")
directly and ListBuckets.Hack My application relies on the default boto3.Session (all S3 Buckets use the same Execution Role). So this hack works great:
Root Issue It seems like Boto3 sets the credentials terribly for a session if you directly, but only pass
AWS_SESSION_TOKEN
.Honestly I'm unsure what the fix is.
Thanks for this great library though!