Issue
DISCLAIMER: (I'll put it at the top so people don't just skip and not read) I just recently started using AWS so I still don't understand a lot of things and yes, I already did the research on this subject and every post I found said to "make the bucket publicly available" which is something I would like to avoid and that should not be the correct answer since, in the tutorial I was following, the guy used it as private blocking all outside access.
The upload of an image works without issues, so I would rule out any problem with the connection itself, but when I try to delete one I get the error: An error occurred (AccessDenied) when calling the DeleteObject operation: Access Denied
I was following a tutorial about how to connect the bucket to django. The steps I took:
- Created a bucket (not public like it said in the tutorial)
- Created a User Group with "AmazonS3FullAccess" policy
- Created a User inside the group with both the S3 full access and the "AWSCompromisedKeyQuarantineV2" policy
- Generated the necessary keys (secret and access)
The S3FullAccess policy should be this one:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "*"
        }
    ]
}
I then put all the access keys in my settings.py file like this:
STORAGES = {
    "default": {
        "BACKEND": "storages.backends.s3.S3Storage",
    },
    "staticfiles": {
        "BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage",
    },
}
AWS_ACCESS_KEY_ID = env("AWS_ACCESS_KEY_ID")
AWS_SECRET_ACCESS_KEY = env("AWS_SECRET_ACCESS_KEY")
AWS_STORAGE_BUCKET_NAME = env("AWS_STORAGE_BUCKET_NAME")
AWS_S3_REGION_NAME = env("AWS_S3_REGION_NAME")
This is the models.py file inside the application:
from django.db import models
from django.contrib.auth.models import User

def file_upload_folder(instance, filename):
    return '/'.join([instance.user.username, "gallery", filename])

class Folder(models.Model):
    icon = models.CharField(max_length=255, null=False, default='')
    name = models.CharField(primary_key=True, max_length=255, null=False, default='')
    user = models.ForeignKey(User, on_delete=models.CASCADE, default=None)

class File(models.Model):
    name = models.CharField(primary_key=True, max_length=255, null=False, default='')
    type = models.CharField(max_length=255, null=False, default='')
    extension = models.CharField(max_length=5, null=False, default='')
    path = models.FileField(upload_to=file_upload_folder)
    user = models.ForeignKey(User, on_delete=models.CASCADE)
    folder = models.ForeignKey(Folder, on_delete=models.CASCADE, default=None, null=True)

    def delete(self):
        self.path.delete()
        super().delete()

Since the upload works fine I thought the deletion would be kind of the same, but apparently there is something about permissions I'm missing.
Solution
Found the answer so I'm going to leave it here in case somebody else has the same problem in the future. It is possible that by default Amazon assigns a default policy (something like "AWSCompromisedKeyQuarantine") that removes some permissions from the user, including the permission for deleting items. Just remove that policy from the user and everything should work fine.
(AWS Console > IAM > Users > Select the user > Under permission policies select and remove the policy)
Answered By - smmo_
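Why the upload succeeds while the delete fails, as an added example that is not part of the original post: in IAM, an explicit Deny in any attached policy overrides an Allow from another. The Deny statement below is a constructed stand-in (not the actual text of AWSCompromisedKeyQuarantineV2), and the bucket name and object key are made up.

```python
from fnmatch import fnmatchcase

# Allow statement from the AmazonS3FullAccess policy quoted in the question.
S3_FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"},
]}

# Constructed stand-in for a quarantine-style policy. This is NOT the real AWS
# document; it only denies the one action that failed in the question.
QUARANTINE_STAND_IN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": ["s3:DeleteObject"], "Resource": "*"},
]}


def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource.
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    # Action names compare case-insensitively, resource ARNs case-sensitively.
    # fnmatch covers the IAM wildcards * and ? (it also accepts [..] classes).
    action_hit = any(fnmatchcase(action.lower(), pattern.lower())
                     for pattern in _as_list(statement["Action"]))
    resource_hit = any(fnmatchcase(resource, pattern)
                       for pattern in _as_list(statement["Resource"]))
    return action_hit and resource_hit


def evaluate(policies, action, resource):
    """Simplified identity-policy evaluation: no Condition, NotAction,
    bucket policies, permission boundaries or SCPs."""
    decision = "ImplicitDeny"          # nothing matched yet
    for policy in policies:
        for statement in _as_list(policy["Statement"]):
            if not _matches(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "ExplicitDeny"  # a Deny wins regardless of policy order
            decision = "Allow"
    return decision


if __name__ == "__main__":
    key = "arn:aws:s3:::example-bucket/alice/gallery/photo.png"  # constructed
    attached = [S3_FULL_ACCESS, QUARANTINE_STAND_IN]
    for action in ("s3:PutObject", "s3:DeleteObject"):
        print(action, "->", evaluate(attached, action, key))
```

AWS applies the AWSCompromisedKeyQuarantine managed policies when it finds that a user's credentials have been compromised or publicly exposed, so rotate the access key and find where it leaked before detaching the policy.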