Ruby Amazon S3 Access Denied When Listing Buckets

Ruby Amazon S3 Access Denied when listing buckets

You can fix this in following way.

  1. First go to s3 console in amazon.
  2. Then click on bucket.
  3. Then click on properties tab in right side.
  4. Then click on permission options
  5. Click on add more permission
  6. Check the all checkbox and save it.

Ruby S3 Access Denied error when calling upload_file with ACL

After spending more time than I would like to admit playing around with S3 bucket policies, I figured out how to make it work.

I highly recommend these three AWS resources:

  1. Example Bucket Policies
  2. Policy Generator
  3. IAM Policy Elements Reference

I created a policy that allows a particular user to have Object Upload, Object ACL, and Object Delete permissions for my bucket. Here's the JSON:

{
"Version": "2012-10-17",
"Id": "Policy1441134540846",
"Statement": [
{
"Sid": "Stmt1441134537688",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::MY_USER_ID:user/myemail@example.com"
},
"Action": [
"s3:DeleteObject",
"s3:PutObjectAcl",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::MY_BUCKET/*"
}
]
}

A few tips:

  • The reference in bullet 3 above is helpful in understanding the "Principal" part of the JSON. Just create a user in IAM, and fill the appropriate info out.
  • The Resource part can be a little finicky. Depending on the permissions you're granting, you need to think about whether you should be specifying the objects in the bucket (hence the "/*" after MY_BUCKET) or the bucket itself. If you start getting errors when you try to save the bucket (something along the lines of "Action does not apply to any resource(s) in statement..." you're probably specifying the wrong resource.
  • One last thing you might try it just opening up your permissions to everyone (specifying Principal as "*") until you can get the functionality going. Then whittle down your access list by changing the Principal once you've got things going.

AWS::S3::Errors::AccessDenied. Cannot save to S3 with Ruby on Rails

As noted in a comment by user taglia

You need to set your AWS credentials as config variables in heroku (basically environment variables). You can check if they are set with heroku config; if they are not set, you can add them with heroku config:set S3_BUCKET_NAME=something AWS_ACCESS_KEY_ID=whatever AWS_SECRET_ACCESS_KEY=something_secret. More info with heroku config --help

AWS::S3::Errors::AccessDenied: Access Denied when trying to do copy_to

The parameters to AWS.config are access_key_id and secret_access_key, without the aws_ prefix.

http://docs.aws.amazon.com/AWSRubySDK/latest/AWS.html#config-class_method

Access Denied S3 with Paperclip

You should not really need the Admin Access to achieve this.
Make sure you have AWS access_key_id and secret_access_key setup in your heroku config. And, you also would need to make sure your user account has an Access Policy set in the AWS IAM Console.

See this post for some more info.

The default permission for Paperclip is :public_read unless you specify the bucket to be private.

See this for information about Module: Paperclip::Storage::S3



Related Topics



Leave a reply



Submit