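I'm a bit new to django-storages, and I'm confused about what its AWS_DEFAULT_ACL settings variable is used for. I thought that when it is set to None, the bucket policy on my AWS S3 bucket would be respected. That does indeed seem to be true.
I have public access turned off for my bucket and am using the following bucket policy: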
{
    "Version": "2012-10-17",
    "Id": "Policy1621539673651",
    "Statement": [
        {
            "Sid": "Stmt1621539665305",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::063896663644:user/mylogin"
            },
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::mybucket/*"
        },
        {
            "Sid": "Stmt1621539600741",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/static/*"
        }
    ]
}
I can run python manage.py collectstatic, and it uploads the files without any problems.
However, if I change AWS_DEFAULT_ACL to 'public-read', I get an error when running collectstatic.
Copying '/Users/dylan/Dev/myapp/static/css/bootstrap-datetimepicker.css'
Traceback (most recent call last):
  File "/Users/dylan/Dev/myapp/./manage.py", line 15, in <module>
    execute_from_command_line(sys.argv)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/management/__init__.py", line 401, in execute_from_command_line
    utility.execute()
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/management/__init__.py", line 395, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/management/base.py", line 330, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/management/base.py", line 371, in execute
    output = self.handle(*args, **options)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 194, in handle
    collected = self.collect()
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 118, in collect
    handler(path, prefixed_path, storage)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 355, in copy_file
    self.storage.save(prefixed_path, source_file)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/files/storage.py", line 52, in save
    return self._save(name, content)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/storages/backends/s3boto3.py", line 447, in _save
    obj.upload_fileobj(content, ExtraArgs=params)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/boto3/s3/inject.py", line 619, in object_upload_fileobj
    return self.meta.client.upload_fileobj(
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/boto3/s3/inject.py", line 539, in upload_fileobj
    return future.result()
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/futures.py", line 106, in result
    return self._coordinator.result()
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/futures.py", line 265, in result
    raise self._exception
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/tasks.py", line 126, in __call__
    return self._execute_main(kwargs)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/tasks.py", line 150, in _execute_main
    return_value = self._main(**kwargs)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/upload.py", line 694, in _main
    client.put_object(Bucket=bucket, Key=key, Body=body, **extra_args)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/botocore/client.py", line 386, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/botocore/client.py", line 705, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
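- Is AWS_DEFAULT_ACL meant to be used only if you have your bucket open to everyone?
- If set, does it apply the given ACL (e.g. 'public-read') to the files being uploaded?
- With 'public-read' set, am I not able to run collectstatic?
[I'm exploring all of this because I can't get my static files to be available to everyone, and I was wondering whether AWS_DEFAULT_ACL would help.]
The docs aren't helping, and I'm pretty confused about how the system works, you might say...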
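
An added example, not part of the original post: an offline Python model of the two access controls involved, the per-object ACL that AWS_DEFAULT_ACL sends with each upload and the bucket policy posted above. It assumes the bucket's Block Public Access setting BlockPublicAcls is enabled (an assumption read from "public access turned off"); upload_outcome and anonymous_statements are hypothetical helper names.

```python
import json

# Canned ACLs granting to the AllUsers or AuthenticatedUsers groups (S3 treats these as public).
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}

# Bucket policy as posted in the question (layout compacted).
POLICY = json.loads("""
{"Version": "2012-10-17", "Id": "Policy1621539673651", "Statement": [
  {"Sid": "Stmt1621539665305", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::063896663644:user/mylogin"},
   "Action": ["s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl"],
   "Resource": "arn:aws:s3:::mybucket/*"},
  {"Sid": "Stmt1621539600741", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mybucket/static/*"}]}
""")

def upload_outcome(default_acl, block_public_acls):
    """Model one upload: django-storages passes AWS_DEFAULT_ACL as the object's
    ACL, and passes no ACL at all when the setting is None."""
    if default_acl is None:
        return "ok: no ACL sent; the object gets S3's default (private) ACL"
    if default_acl in PUBLIC_CANNED_ACLS and block_public_acls:
        # BlockPublicAcls makes S3 reject PutObject requests carrying a public ACL,
        # regardless of what the bucket policy or IAM policy allows.
        return "AccessDenied: BlockPublicAcls rejects PutObject with a public ACL"
    return f"ok: object stored with ACL {default_acl}"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def anonymous_statements(policy):
    """Return (Sid, Resource) for unconditional Allow statements open to any principal."""
    found = []
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))
        if stmt.get("Effect") == "Allow" and wildcard and "Condition" not in stmt:
            found.append((stmt.get("Sid"), stmt["Resource"]))
    return found

if __name__ == "__main__":
    for acl in (None, "public-read", "private"):
        print(repr(acl), "->", upload_outcome(acl, block_public_acls=True))
    print("anonymous access granted by:", anonymous_statements(POLICY))
```

In this model, public readability of static/ comes from the second policy statement rather than from per-object ACLs; whether S3 honours that statement depends on the bucket's BlockPublicPolicy and RestrictPublicBuckets settings.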