Sachin

Reputation: 277

Access denied with root user s3, with Ruby on Rails

I tried using the root access and secret key and got an access denied error. I tried regenerating the keys, used the new keys, and was still denied access. I've also tried creating an IAM user, granting it full S3 access, along with creating the bucket policy below, and still got an access denied error. Any help would be appreciated! I know I can solve this problem by making the bucket public, and it's for my own portfolio website and I'm the only person who would ever be uploading photos to this site; however, I know this isn't good practice and would like to figure out why I am getting this error.

{
    "Id": "Policy***********",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1545097638***",
            "Action": "s3:*",
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::my-bucket-name",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::iamidhere:user/useridhere"
                ]
            }
        }
    ]
}

I also updated the above bucket policy to include the root credentials for the user id and user name, still with access denied. I restarted the Rails server, closed out of the localhost I'm testing this on and restarted the entire process, but with no luck. Yes, I've switched the access keys and made sure I'm using the right ones depending on if it was for the root user or the IAM user I created.

My local .env file

S3_BUCKET_NAME=bucket-name
AWS_ACCESS_KEY_ID=*************
AWS_SECRET_ACCESS_KEY=************
AWS_REGION=us-east-1

I'm using the carrierwave-aws gem, my carrierwave.rb file:

CarrierWave.configure do |config|
  config.storage    = :aws
  config.aws_bucket = ENV.fetch('S3_BUCKET_NAME')
  config.aws_acl    = 'public-read'

  config.aws_authenticated_url_expiration = 60 * 60 * 24 * 7

  config.aws_attributes = {
    expires: 1.week.from_now.httpdate,
    cache_control: 'max-age=604800'
  }

  config.aws_credentials = {
    access_key_id:     ENV.fetch('AWS_ACCESS_KEY_ID'),
    secret_access_key: ENV.fetch('AWS_SECRET_ACCESS_KEY'),
    region:            ENV.fetch('AWS_REGION'),
    stub_responses:    Rails.env.test?
  }
end

I've attempted both answers below with no success!

Upvotes: 0

Views: 472

Answers (2)

user10775237


Your bucket policy isn't allowing access to the resources inside the bucket, just the bucket in general. You need to add a policy that allows something like the following:

{
    "Id": "Policy***********",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1545097638***",
            "Action": "s3:*",
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::bucketnamehere",
                "arn:aws:s3:::bucketnamehere/*"
            ],
            "Principal": {
                "AWS": [
                    "arn:aws:iam::ACCOUNTID:user/USERNAME"
                ]
            }
        }
    ]
}

Then give your user access to the objects with the following policy:

{
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": [
        "arn:aws:s3:::BUCKETNAME",
        "arn:aws:s3:::BUCKETNAME/*"
    ]
}

Upvotes: 0
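
Added example (not part of either answer, and not code from the asker or from carrierwave-aws): a simplified Ruby model of how a statement's Action and Resource patterns are matched, run against the Resource from the question's policy and the one from the answer above. It ignores Principal, Condition and explicit Deny; the object key `uploads/photo.jpg` and all helper names are constructed for illustration.

```ruby
require 'json'

# Simplified model of IAM "Allow" evaluation: only Action and Resource
# patterns are checked. Principal, Condition and explicit Deny are ignored.
def pattern_match?(pattern, value, ignore_case: false)
  # IAM wildcards: '*' matches any run of characters, '?' exactly one.
  source = Regexp.escape(pattern).gsub('\*', '.*').gsub('\?', '.')
  Regexp.new("\\A#{source}\\z", ignore_case ? Regexp::IGNORECASE : 0).match?(value)
end

def allowed?(policy_json, action, resource_arn)
  statements = JSON.parse(policy_json).fetch('Statement')
  statements = [statements] if statements.is_a?(Hash) # single-statement form
  statements.any? do |stmt|
    stmt['Effect'] == 'Allow' &&
      Array(stmt['Action']).any? { |a| pattern_match?(a, action, ignore_case: true) } &&
      Array(stmt['Resource']).any? { |r| pattern_match?(r, resource_arn) }
  end
end

# Constructed policies: Resource as in the question, then as in the answer.
BUCKET_ONLY = <<~POLICY
  {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*",
    "Resource": "arn:aws:s3:::my-bucket-name"}]}
POLICY
BUCKET_AND_OBJECTS = <<~POLICY
  {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::my-bucket-name", "arn:aws:s3:::my-bucket-name/*"]}]}
POLICY

# Constructed requests. Listing targets the bucket ARN; an upload targets the
# object ARN, and an upload that sets an ACL (aws_acl in the CarrierWave
# config) also needs s3:PutObjectAcl on that object.
OBJECT_ARN = 'arn:aws:s3:::my-bucket-name/uploads/photo.jpg'
REQUESTS = {
  's3:ListBucket'   => 'arn:aws:s3:::my-bucket-name',
  's3:PutObject'    => OBJECT_ARN,
  's3:PutObjectAcl' => OBJECT_ARN
}.freeze

def report(policy_json)
  REQUESTS.to_h { |action, arn| [action, allowed?(policy_json, action, arn)] }
end

{ 'bucket ARN only' => BUCKET_ONLY, 'bucket + objects' => BUCKET_AND_OBJECTS }.each do |name, policy|
  puts "#{name}: #{report(policy)}"
end
```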

Subhash

Reputation: 762

Create a new IAM user, attach the policy below to that user, and try it; it's working on my server.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET",
                "arn:aws:s3:::YOUR-BUCKET/*"
            ]
        }
    ]
}

Upvotes: 1
