Acces denied on S3 Bucket
deskkeco
PROOP

2 months ago

My project "a937daee-d5a0-4570-99c0-85481bd87372" has bucket "s3-ikujdzhiibo3l9qeuhsjb6" and as of recent days all S3 operations (List, Head, Put, Get) return AccessDenied. I've tried with a new bucket and fresh credentials and the problem persists. I've found similar issues online (https://station.railway.com/questions/access-denied-on-bucket-d6b1475f), please assist on this matter.

Here's the error message on my backend: "File "/usr/local/lib/python3.12/site-packages/botocore/client.py", line 1094, in _make_api_call

raise error_class(parsed_response, operation_name)

botocore.errorfactory.AccessDenied: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied."

Closed$20 Bounty

1 Replies

Railway
BOT

2 months ago

This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.

Status changed to Open Railway 2 months ago


moeamine
FREE

2 months ago

Can you confirm that you are using "Bucket=os.environ["BUCKET"]" and not "Bucket=os.environ["RAILWAY_BUCKET_NAME"]"?

For boto3, try:

---

import os

import boto3

from botocore.client import Config

s3 = boto3.client(

"s3",

endpoint_url=os.environ["ENDPOINT"], # e.g. https://storage.railway.app

aws_access_key_id=os.environ["ACCESS_KEY_ID"],

aws_secret_access_key=os.environ["SECRET_ACCESS_KEY"],

region_name=os.environ.get("REGION", "auto"),

config=Config(

signature_version="s3v4",

s3={"addressing_style": "virtual"},

),

)

s3.put_object(

Bucket=os.environ["BUCKET"],

Key="debug-test.txt",

Body=b"hello",

)

---

Path style:

---

import os

import boto3

from botocore.client import Config

s3 = boto3.client(

"s3",

endpoint_url=os.environ["ENDPOINT"],

aws_access_key_id=os.environ["ACCESS_KEY_ID"],

aws_secret_access_key=os.environ["SECRET_ACCESS_KEY"],

region_name=os.environ.get("REGION", "auto"),

config=Config(

signature_version="s3v4",

s3={"addressing_style": "path"},

),

)

s3.put_object(

Bucket=os.environ["BUCKET"],

Key="debug-test.txt",

Body=b"hello",

)

---

Also, ensure boto3 is not silently using AWS credentials boto3 searches multiple config locations, including a passed Config, environment variables, and AWS config files... To avoid accidentally using AWS credentials or stale variables, pass the Railway credentials directly as above and log only safe metadata:

---

print("ENDPOINT:", os.environ.get("ENDPOINT"))

print("REGION:", os.environ.get("REGION"))

print("BUCKET:", os.environ.get("BUCKET"))

print("ACCESS_KEY_ID prefix:", os.environ.get("ACCESS_KEY_ID", "")[:6])

---

Do not log SECRET_ACCESS_KEY.


Status changed to Closed ray-chen about 2 months ago


Welcome!

Sign in to your Railway account to join the conversation.

Loading...