Python Forum
Accessing S3 buckets through the AWS dashboard created by dj_database_url
#1
I automated the creation and configuration of my Postgres db for my Django project hosted as an S3 bucket on AWS through Heroku using a dj_database_url.config() method inside my settings.py. Using this tool, I can just export the Postgres db env variables in my shell using the format:

Quote:(local venv) $ export DATABASE_URL='postgres://USER:PASSWORD@HOST:PORT/NAME'
and then I can enter data from my local dev server as if it were in the cloud. Very convenient!

The problem is, I got an email notification from Amazon yesterday saying that my db contents are public so this prompted me to check out my S3 permissions. I found some guides and docs on AWS, on Heroku, and elsewhere around the web, which explain how to use AWS and how to view and modify S3 permissions. Guides I came across include:
These guides explain how to set up an S3 bucket from scratch for a Python app; however, in my case, dj_database_url has already done all the heavy lifting. None of these guides explain how to access my HEROKU_POSTGRESQL_<color>_URL instances already existing on AWS configured by dj_database_url as they appear as env variables within my Heroku Dashboard.

I’ve got an AWS root account set up but I can’t figure out how to connect it to the S3 instances initialized by the helpful dj_database_url script.

My question: How do I access the Postgres db S3 buckets through the AWS Dashboard so that I can view and change their permissions?
Reply
#2
Not that I know how to help, but what do you mean by "Postgres hosted as an S3 bucket"? Usually S3 is used for static files, rather than live databases. How does what you're saying work? Do you have a link to some docs about this?
Reply
#3
Thank you, @ndc85430, for your reply.

(Mar-25-2021, 04:37 AM)ndc85430 Wrote: Not that I know how to help, but what do you mean by "Postgres hosted as an S3 bucket"? Usually S3 is used for static files, rather than live databases. How does what you're saying work? Do you have a link to some docs about this?

Based on your questions, I’ve identified the issue. I was confusing AWS’ RDS with S3. The email that I got from Amazon (that I mentioned in my original post) was warning me that my S3 files are public and may be indexed on public search engines. If that means my static files such as images, JavaScript, and CSS files are exposed, then I’m not concerned at all. What concerned me was the production data (blog posts like essay material) I’ve entered into Postgres which I had intended on protecting from public search engines behind a fortified gateway. I was concerned that this data was exposed, but I now understand that it is not.

I don’t fully understand the email from Amazon (below). What else is Amazon trying to say about my static file data being at risk? Based on your understanding (even a little insight would be great) of what is said below, what security implications might there be for protecting website data in general?

Here is the email in full from Amazon:

Quote:Hello,

We are writing to notify you that you have configured your S3 bucket(s) to be publicly accessible, and this may be a larger audience than you intended. By default, S3 buckets allow only the account owner to access the contents of a bucket; however, customers can configure S3 buckets to permit public access. Public buckets are accessible by anyone on the Internet, and content in them may be indexed by search engines.

We recommend enabling the S3 Block Public Access feature on buckets if public access is not required. S3 bucket permissions should never allow "Principal":"*" unless you intend to grant public access to your data. Additionally, S3 bucket ACLs should be appropriately scoped to prevent unintended access to "Authenticated Users" (anyone with an AWS account) or "Everyone" (anyone with Internet access) unless your use case requires it. For AWS's definition of "Public Access," please see The Meaning of "Public" [1].

The list of buckets which can be publicly accessed is below:

slashtest02 | us-east-2


You can ensure individual buckets, or all your buckets prevent public access by turning on the S3 Block Public Access feature [2]. This feature is free of charge and it only takes a minute to enable. For step by step instructions on setting up S3 Block Public Access via the S3 management console, see Jeff Barr’s blog [3], or check out the video tutorial on Block Public Access [4].

If you have a business need to maintain some level of public access, please see Overview of Managing Access [5] for more in-depth instructions on managing access to your bucket to make sure you’ve permitted the correct level of access to your objects. If you would like more information about policy configuration in S3, please refer to Managing Access in Amazon S3 [6], and S3 Security Best Practices [7].

We recommend that you make changes in accordance with your operational best practices.

If you believe you have received this message in error or if you require technical assistance, please open a support case [8].

[1] https://docs.aws.amazon.com/AmazonS3/lat...icy-status
[2] https://docs.aws.amazon.com/AmazonS3/lat...ccess.html
[3] https://aws.amazon.com/blogs/aws/amazon-...d-buckets/
[4] https://aws.amazon.com/s3/features/block-public-access/
[5] https://docs.aws.amazon.com/AmazonS3/lat...ons-basics
[6] https://docs.aws.amazon.com/AmazonS3/lat...ntrol.html
[7] https://docs.aws.amazon.com/AmazonS3/lat...tices.html
[8] https://aws.amazon.com/support

Sincerely,
Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry Ave. North, Seattle, WA 98109-5210
Reply
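
The three things the Amazon email names (a policy with "Principal":"*", ACL grants to "Everyone" or "Authenticated Users", and Block Public Access being off) can be checked from a bucket's configuration. The following is an added example, not code from the thread: the function names are hypothetical, the inputs follow the shape of the S3 GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock responses, and the sample data is constructed. It only flags wildcard statements; it does not evaluate conditions the way AWS's own "public" determination does.

```python
import json

# Group URIs that S3 ACLs use for "Everyone" and "Authenticated Users".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "Everyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "Authenticated Users",
}
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def is_wildcard_principal(principal):
    """True for "*", {"AWS": "*"} and {"AWS": [..., "*"]}."""
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any(v == "*" or (isinstance(v, list) and "*" in v) for v in values)


def audit_bucket(policy_json, acl_grants, block_public_access):
    """Return a list of findings for one bucket's access configuration."""
    findings = []
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    if isinstance(statements, dict):  # a single statement may not be wrapped in a list
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and is_wildcard_principal(stmt.get("Principal")):
            scope = "conditional" if stmt.get("Condition") else "unconditional"
            findings.append(f"policy: {scope} Allow to Principal * for {stmt.get('Action')}")
    for grant in acl_grants:
        group = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if group:
            findings.append(f"acl: {grant['Permission']} granted to {group}")
    missing = [flag for flag in BPA_FLAGS if not block_public_access.get(flag)]
    if missing:
        findings.append("block-public-access: disabled flags " + ", ".join(missing))
    return findings


# Constructed sample input (not the configuration of the bucket in the thread).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
SAMPLE_ACL = [{"Grantee": {"Type": "Group",
                           "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}]
SAMPLE_BPA = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    for line in audit_bucket(SAMPLE_POLICY, SAMPLE_ACL, SAMPLE_BPA):
        print(line)
```

A bucket that serves only static site assets may legitimately produce the policy finding; the point of the audit is to confirm that every public grant is intentional.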

