AWS_DEFAULT_ACL 应该如何在 django-storages 中使用？答案

【问题标题】：How is AWS_DEFAULT_ACL supposed to be used in django-storages?AWS_DEFAULT_ACL 应该如何在 django-storages 中使用？
【发布时间】：2022-05-15 03:37:30
【问题描述】：

我是 django-storages 的新手，我对它的 AWS_DEFAULT_ACL 设置变量的用途感到困惑。我收集到，当它设置为None 时，我的 AWS S3 存储桶上的存储桶策略将得到遵守。这似乎是真的。

我已关闭对我的存储桶的公开访问，并正在使用以下存储桶策略：

{
    "Version": "2012-10-17",
    "Id": "Policy1621539673651",
    "Statement": [
        {
            "Sid": "Stmt1621539665305",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::063896663644:user/mylogin"
            },
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::mybucket/*"
        },
        {
            "Sid": "Stmt1621539600741",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/static/*"
        }
    ]
}

我可以运行python manage.py collectstatic，它可以毫无问题地上传文件。

但是，如果我将 AWS_DEFAULT_ACL 更改为 'public-read'，我会在运行 collectstatic 时出错。

Copying '/Users/dylan/Dev/myapp/static/css/bootstrap-datetimepicker.css'
Traceback (most recent call last):
  File "/Users/dylan/Dev/myapp/./manage.py", line 15, in <module>
    execute_from_command_line(sys.argv)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/management/__init__.py", line 401, in execute_from_command_line
    utility.execute()
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/management/__init__.py", line 395, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/management/base.py", line 330, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/management/base.py", line 371, in execute
    output = self.handle(*args, **options)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 194, in handle
    collected = self.collect()
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 118, in collect
    handler(path, prefixed_path, storage)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 355, in copy_file
    self.storage.save(prefixed_path, source_file)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/django/core/files/storage.py", line 52, in save
    return self._save(name, content)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/storages/backends/s3boto3.py", line 447, in _save
    obj.upload_fileobj(content, ExtraArgs=params)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/boto3/s3/inject.py", line 619, in object_upload_fileobj
    return self.meta.client.upload_fileobj(
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/boto3/s3/inject.py", line 539, in upload_fileobj
    return future.result()
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/futures.py", line 106, in result
    return self._coordinator.result()
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/futures.py", line 265, in result
    raise self._exception
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/tasks.py", line 126, in __call__
    return self._execute_main(kwargs)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/tasks.py", line 150, in _execute_main
    return_value = self._main(**kwargs)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/s3transfer/upload.py", line 694, in _main
    client.put_object(Bucket=bucket, Key=key, Body=body, **extra_args)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/botocore/client.py", line 386, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/dylan/.local/share/virtualenvs/myapp-MCS7ouoX/lib/python3.9/site-packages/botocore/client.py", line 705, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

AWS_DEFAULT_ACL 是否意味着仅在您创建存储桶时使用向所有人公开？
如果设置，它是否将给定的 ACL（例如 'public-read'）应用于上传文件？
设置了'public-read'，我可以不运行collectstatic吗？

[我正在探索这一切，因为我是 having troubles making my static files available to all，想知道 AWS_DEFAULT_ACL 是否有帮助。]

文档没有帮助，我很困惑系统是如何工作的，正如你可能知道的那样......

【问题讨论】：

标签： django amazon-s3 boto3 collectstatic python-django-storages

【解决方案1】：

我相信您现在已经找到了问题的答案或找到了解决方法。只是为了那些最终在这里寻找答案的人 AWS_DEFAULT_ACL 意味着什么，这是 django-storages 的文档所说的：

AWS_DEFAULT_ACL (optional; default is None which means the file will be private per Amazon’s defalt)

Use this to set an ACL on your file such as public-read. If not set the file will be private per Amazon’s defau

【讨论】：