CODEWITHSUNDEEP
phpsymfonyamazon-s3sonatasonata-media-bundle
NOaMTL
NOaMTL

Reputation: 193

Sonata + Amazon S3 - Could not write the key content

I did install the dev-master version of Sonata Media (+ all requirements) and it is working fine. Now I am trying to use the amazon s3 fileservice to upload my images and files. (I am working with wamp on localhost)

This is my config :

#...
sonata_media:
    default_context: default
    db_driver: doctrine_orm # or doctrine_mongodb, doctrine_phpcr it is mandatory to choose one here
    default_context: default # you need to set a context
    contexts:
        default:  # the default context is mandatory
            providers:
                - sonata.media.provider.dailymotion
                - sonata.media.provider.youtube
                - sonata.media.provider.image
                - sonata.media.provider.file

            formats:
                small: { width: 100 , quality: 70}
                big:   { width: 500 , quality: 70}

    cdn:
        server:
            path: http://mybucketname.s3-website-us-east-1.amazonaws.com
    providers:
        image:
            filesystem: sonata.media.filesystem.s3
    filesystem:
        s3:
            bucket: #MyBundlename
            accessKey: #MyAccessKey
            secretKey: #Mysecret key
            region: s3-website-us-east-1.amazonaws.com
            storage: standard
            acl: public #I tried private too

So for my Keys, I tried with the owners keys and user's one that I created with list+upload/Delete permissions

this is also my Bucket Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybcucketname/*"
        }
    ]
}

And this the error i get when I try to upload an image with sonata media bundle :

Could not write the "default/0001/01/634f09dfda5705a8310c084a92f686ec33449960.png" key content.

Also this is my composer.json file :

"php": ">=5.3.3",
    "symfony/symfony": "2.6.*",
    "doctrine/orm": "~2.2,>=2.2.3,<2.5",
    "doctrine/dbal": "<2.5",
    "doctrine/doctrine-bundle": "~1.2",
    "twig/extensions": "~1.0",
    "symfony/assetic-bundle": "~2.3",
    "symfony/swiftmailer-bundle": "~2.3",
    "symfony/monolog-bundle": "~2.4",
    "sensio/distribution-bundle": "~3.0,>=3.0.12",
    "sensio/framework-extra-bundle": "~3.0,>=3.0.2",
    "incenteev/composer-parameter-handler": "~2.0",
    "sonata-project/core-bundle": "2.3.*@dev",
    "sonata-project/intl-bundle": "2.2.*@dev",
    "sonata-project/admin-bundle": "2.4.*@dev",
    "sonata-project/doctrine-orm-admin-bundle": "2.4.*@dev",
    "sonata-project/datagrid-bundle": "2.2.*@dev",
    "sonata-project/classification-bundle": "dev-master",
    "jms/serializer-bundle": "~0.13",
    "sonata-project/easy-extends-bundle": "2.1.*@dev",
    "sonata-project/media-bundle": "2.4.*@dev",
    "aws/aws-sdk-php": "2.*"

This is the amazon s3 logs

" 403 AccessDenied 231 149653 16 - "

(the rest of the log is correct, the bucket name and user) Thank you for your assistance. Yohan.

Upvotes: 2

Views: 1579

Answers (2)

ferchopolice
ferchopolice

Reputation: 11

My problem was that i have the default acl value inside s3 configuration.

I change it to:

filesystem:
        s3:
            directory:  'upload/media'
            acl: private   #<------ this is what i change
            bucket:      '%env(resolve:S3_MEDIA_BUCKET_NAME)%'
            accessKey:   '%env(resolve:S3_MEDIA_ACCESS_KEY)%'
            secretKey:   '%env(resolve:S3_MEDIA_SECRET_KEY)%'
            region:      '%env(resolve:S3_MEDIA_REGION)%'
            version:     '2006-03-01' 
            sdk_version: 3

Hope it helps.

Upvotes: 0

NOaMTL
NOaMTL

Reputation: 193

I don't know if what I did is the best solution and is secure but : - I edited the bucket policy :

old one : 

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::mybucket/*"
    }
]

}

New one :

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AddPerm",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/*"
        },
        {
            "Sid": "AddCannedAcl",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::XXXXXXXXXXXX:user/myuser"
                ]
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::mybucket/*"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": [
                        "public-read"
                    ]
                }
            }
        }
    ]
}

Where arn:aws:iam::XXXXXXXXXXXX:user/myuser is a user you create with the list upload/delete permissions.

Upvotes: 0

Related Questions