24 days ago
My project "a937daee-d5a0-4570-99c0-85481bd87372" has bucket "s3-ikujdzhiibo3l9qeuhsjb6" and as of recent days all S3 operations (List, Head, Put, Get) return AccessDenied. I've tried with a new bucket and fresh credentials and the problem persists. I've found similar issues online (https://station.railway.com/questions/access-denied-on-bucket-d6b1475f), please assist on this matter.
Here's the error message on my backend: "File "/usr/local/lib/python3.12/site-packages/botocore/client.py", line 1094, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.errorfactory.AccessDenied: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied."
1 Replies
24 days ago
This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.
Status changed to Open Railway • 24 days ago
24 days ago
Can you confirm that you are using "Bucket=os.environ["BUCKET"]" and not "Bucket=os.environ["RAILWAY_BUCKET_NAME"]"?
For boto3, try:
---
import os
import boto3
from botocore.client import Config
s3 = boto3.client(
"s3",
endpoint_url=os.environ["ENDPOINT"], # e.g. https://storage.railway.app
aws_access_key_id=os.environ["ACCESS_KEY_ID"],
aws_secret_access_key=os.environ["SECRET_ACCESS_KEY"],
region_name=os.environ.get("REGION", "auto"),
config=Config(
signature_version="s3v4",
s3={"addressing_style": "virtual"},
),
)
s3.put_object(
Bucket=os.environ["BUCKET"],
Key="debug-test.txt",
Body=b"hello",
)
---
Path style:
---
import os
import boto3
from botocore.client import Config
s3 = boto3.client(
"s3",
endpoint_url=os.environ["ENDPOINT"],
aws_access_key_id=os.environ["ACCESS_KEY_ID"],
aws_secret_access_key=os.environ["SECRET_ACCESS_KEY"],
region_name=os.environ.get("REGION", "auto"),
config=Config(
signature_version="s3v4",
s3={"addressing_style": "path"},
),
)
s3.put_object(
Bucket=os.environ["BUCKET"],
Key="debug-test.txt",
Body=b"hello",
)
---
Also, ensure boto3 is not silently using AWS credentials boto3 searches multiple config locations, including a passed Config, environment variables, and AWS config files... To avoid accidentally using AWS credentials or stale variables, pass the Railway credentials directly as above and log only safe metadata:
---
print("ENDPOINT:", os.environ.get("ENDPOINT"))
print("REGION:", os.environ.get("REGION"))
print("BUCKET:", os.environ.get("BUCKET"))
print("ACCESS_KEY_ID prefix:", os.environ.get("ACCESS_KEY_ID", "")[:6])
---
Do not log SECRET_ACCESS_KEY.
Status changed to Closed ray-chen • 9 days ago