python - S3ResponseError: 403 Forbidden using Boto -

-

i have permission problem on s3 bucket when try access files using boto in python. here bucket policy :

{     "version": "2008-10-17",     "id": "policy1407346649831",     "statement": [         {             "sid": "stmt1407346646598",             "effect": "allow",             "principal": {                 "aws": "arn:aws:iam::029030651757:user/my_iam_user"             },             "action": "s3:*",             "resource": ["arn:aws:s3:::my_bucket/*",                          "arn:aws:s3:::my_bucket"]         },         {             "sid": "2",             "effect": "allow",             "principal": {                 "aws": "arn:aws:iam::cloudfront:user/cloudfront origin access identity efus443hmbyf"             },             "action": "s3:getobject",             "resource": ["arn:aws:s3:::my_bucket/*",                          "arn:aws:s3:::my_bucket"]         },         {             "sid": "3",             "effect": "allow",             "principal": {                 "aws": "arn:aws:iam::cloudfront:user/cloudfront origin access identity efus443hmbyf"             },             "action": "s3:putobject",             "resource": "arn:aws:s3:::my_bucket/*"         }     ] }

i have 3 statements. first 1 authorize user my_iam_user access bucket my_bucket, second 1 authorize cloudfront distribution read bucket , last 1 authorize cloudfront distribution write on bucket.

now have files on bucket profile_pictures/15/file1.jpg , profile_pictures/15/file2.jpg. first 1 created using signed url , cloudfront, second 1 put on s3 using boto. try access files using boto. here code:

import boto boto.s3.key import key  s3 = boto.connect_s3(     aws_access_key_id="access_key_of_my_iam_user",     aws_secret_access_key="secret_key_of_my_iam_user" ) bucket = s3.get_bucket("my_bucket", validate=false)  k1 = key(bucket) k1.key = "profile_pictures/15/file1.jpg" k1.get_contents_as_string()   k2 = key(bucket) k2.key = "profile_pictures/15/file2.jpg" k2.get_contents_as_string()

the problem access file1 returns error:

s3responseerror: s3responseerror: 403 forbidden <?xml version="1.0" encoding="utf-8"?> <error><code>accessdenied</code><message>access denied</message><requestid>8c5de910c7b18f9e</requestid><hostid>xiku5q+b0wme3gpunmuod9kpun63t3bfu/rab/wh3rhdmkykorsdqifgyip8zfawmr1apbquefy=</hostid></error>

whereas second 1 success. wrong?

note: time on client running code good.

even though iam user has been granted full access bucket first policy, still not automatically have access file1 because not owner of object (cloudfront is) , have not been granted explicit access object. also, presumably, iam user not owner of bucket.

if @ example 1 on page see identical situation , further explanation of of how object context used determine whether request granted or denied.


Comments

Post a Comment

Popular posts from this blog

Fail to load namespace Spring Security http://www.springframework.org/security/tags -

-
i have problem namespace of spring security on xhtml page. don't understand why can't load uri, , have following issue: whitelabel error page application has no explicit mapping /error, seeing fallback. tue jul 21 16:58:12 utc 2015 there unexpected error (type=not found, status=404). please need help! possible uri has been changed? best regards you using incorrect namespace url. correct url http://www.springframework.org/schema/security the error page seeing spring source website since not recognize url. try visiting http://www.springsource.org/security/tags in browser update : spring security tags used in jsp page correct tag lib declaration is: <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
Read more

sql - MySQL query optimization using coalesce -

-
can explain me why second query faster first? (first 1 takes around 40 seconds, second 1 less 0.1) select releases.feature_code, releases.platform_id, version, release_date, general_available, uri, filesize, display_name, feature_name.full_name, if ((select exists(select 1 release_exceptions releases.feature_code = release_exceptions.feature_code , releases.platform_id = release_exceptions.platform_id , releases.version = release_exceptions.version) = 1), 1, 0) release_exceptions releases left outer join platform using(platform_id) left outer join feature_name using(feature_code) order version desc; ~~~ query 2 ------------------ ~~~ select feature_code, version, release_date, general_available, platform_id, uri, filesize, display_name, feature_name.full_name, coalesce(release_exceptions, 0) release_exceptions mus.releases left outer join ( select distinct feature_code, version, platform_id, 1 release_exceptions mus.release_exceptions ) release_exceptions using ...
Read more

unity3d - Unity local avoidance in user created world -

-
i'm using unity3d networked multiplayer online game have large complex 3d terrain scene forest, trees, cliff, hills, mountains, bounders, etc. players can build structures sort of minecraft, , put them anywhere in scene, or move them around anytime. aside human controlled players, there automated ai players , objects animals roaming around scene following path. the problem how make these automated ai players , animals, able navigate around static , dynamic player created structures, because path follow can blocked player created structures, or other players , other ai objects, cliffs etc. have find away around them or on track if tumble down off high cliff example. so made navmesh , used navagents, takes care of static, non moving objects, how make ai players navigate around each other , dynamic structures created players can number in hundreds? i thought of adding navmeshobstacle everything, result in being attached hundreds of objects since user created structures b...
Read more