Почему Django CKeditor создает URL-адрес AWS s3, срок действия которого истекает через 1 час?

Question

Я использую Django Zinnia с CKeditor в качестве редактора блога wysiwyg.

Я могу отлично загружать изображения и подключаться к корзине AWS S3.

Когда я прикрепляю изображение к сообщению в блоге, оно появляется, но исчезает из сообщения и исчезает через 1 час.

Почему это так?

Я использую:

zinnia-wysiwyg-ckeditor==1.3
Django==2.1.2
django-s3-storage==0.12.4
boto3==1.9.54
botocore==1.12.54

Настройки для Django s3 Storage

AWS_QUERYSTRING_AUTH = False

# Amazon S3
DEFAULT_FILE_STORAGE = 'django_s3_storage.storage.S3Storage'

# The AWS region to connect to.
AWS_REGION = "eu-west-3"

# The AWS access key to use.
AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']

# The AWS secret access key to use.
AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']

# The optional AWS session token to use.
# AWS_SESSION_TOKEN = ""

# The name of the bucket to store files in.
AWS_S3_BUCKET_NAME = os.environ['AWS_S3_BUCKET_NAME']

# How to construct S3 URLs ("auto", "path", "virtual").
AWS_S3_ADDRESSING_STYLE = "auto"

# The full URL to the S3 endpoint. Leave blank to use the default region URL.
AWS_S3_ENDPOINT_URL = ""

# A prefix to be applied to every stored file. This will be joined to every filename using the "/" separator.
AWS_S3_KEY_PREFIX = ""

# Whether to enable authentication for stored files. If True, then generated URLs will include an authentication
# token valid for `AWS_S3_MAX_AGE_SECONDS`. If False, then generated URLs will not include an authentication token,
# and their permissions will be set to "public-read".
AWS_S3_BUCKET_AUTH = True

# How long generated URLs are valid for. This affects the expiry of authentication tokens if `AWS_S3_BUCKET_AUTH`
# is True. It also affects the "Cache-Control" header of the files.
# Important: Changing this setting will not affect existing files.
AWS_S3_MAX_AGE_SECONDS = 60 * 60  # 1 hours.

# A URL prefix to be used for generated URLs. This is useful if your bucket is served through a CDN. This setting
# cannot be used with `AWS_S3_BUCKET_AUTH`.
AWS_S3_PUBLIC_URL = ""

# If True, then files will be stored with reduced redundancy. Check the S3 documentation and make sure you
# understand the consequences before enabling.
# Important: Changing this setting will not affect existing files.
AWS_S3_REDUCED_REDUNDANCY = False

# The Content-Disposition header used when the file is downloaded. This can be a string, or a function taking a
# single `name` argument.
# Important: Changing this setting will not affect existing files.
AWS_S3_CONTENT_DISPOSITION = ""

# The Content-Language header used when the file is downloaded. This can be a string, or a function taking a
# single `name` argument.
# Important: Changing this setting will not affect existing files.
AWS_S3_CONTENT_LANGUAGE = ""

# A mapping of custom metadata for each file. Each value can be a string, or a function taking a
# single `name` argument.
# Important: Changing this setting will not affect existing files.
AWS_S3_METADATA = {}

# If True, then files will be stored using AES256 server-side encryption.
# If this is a string value (e.g., "aws:kms"), that encryption type will be used.
# Otherwise, server-side encryption is not be enabled.
# Important: Changing this setting will not affect existing files.
AWS_S3_ENCRYPT_KEY = False

# The AWS S3 KMS encryption key ID (the `SSEKMSKeyId` parameter) is set from this string if present.
# This is only relevant if AWS S3 KMS server-side encryption is enabled (above).
AWS_S3_KMS_ENCRYPTION_KEY_ID = ""

# If True, then text files will be stored using gzip content encoding. Files will only be gzipped if their
# compressed size is smaller than their uncompressed size.
# Important: Changing this setting will not affect existing files.
AWS_S3_GZIP = True

# The signature version to use for S3 requests.
AWS_S3_SIGNATURE_VERSION = None

# If True, then files with the same name will overwrite each other. By default it's set to False to have
# extra characters appended.
AWS_S3_FILE_OVERWRITE = False

MEDIA_URL = '%s.s3.amazonaws.com' % AWS_S3_BUCKET_NAME + '/'

# Blog Settings
ZINNIA_MARKUP_LANGUAGE = 'markdown'
ZINNIA_PROTOCOL = 'https'
ZINNIA_UPLOAD_TO = MEDIA_URL

# Blog Ckeditor
CKEDITOR_UPLOAD_PATH = MEDIA_URL
CKEDITOR_BASEPATH = '/static/ckeditor/ckeditor/'
CKEDITOR_IMAGE_BACKEND = 'pillow'

Политика AWS Bucket

"Statement": [
        {
            "Sid": "id",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/*"
        },
        {
            "Sid": "id",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::mycredentials"
            },
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::mybucket/*"
        }
    ]
}

Настройка CORS

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>