500 Internal Server Error - Aws::S3::Errors::AccessDenied - CarrierWave

Question

I am trying to upload images to S3 via CarrierWave but keep getting a 500 Internal Server Error - Aws::S3::Errors::AccessDenied. I am using the ruby gem CarrierWave to configure AWS and dotenv-rails to call and hide my credentials in a .env file. It seems my code is working properly but I am being denied permission to my bucket. This is my first time trying to integrate AWS into a project so my configuration might be off on that end. Any help would be greatly appreciated.

I have already tried resetting my access keys and making sure my region was set properly. I even changed the region and received an error which prompted me to change it back to the correct region: "us-west-1". I made sure that dotenv-rails was working correctly by making sure I could fetch my credentials via the rails console. I also used 'byebug' to set a break point in my update action in my portfolio controller to manually enter the update code myself. I can see the new image I am attempting to update my portfolio item with but it always rollsback.

portfolios_controller.rb:

class PortfoliosController < ApplicationController
    before_action :set_portfolio, only: [:show, :edit, :update, :destroy]

    layout "portfolio"

    access all: [:show, :index, :javascript], user: {except: [:destroy, :new, :create, :update, :edit, :sort]}, site_admin: :all

    def index
        @portfolio_items = Portfolio.by_position
    end

  def sort
    params[:order].each do |key, value|
      Portfolio.find(value[:id]).update(position: value[:position])
    end

    render :index
  end

    def javascript
        @javascript_portfolio_items = Portfolio.javascript
    end

    def new
        @portfolio_item = Portfolio.new
        3.times { @portfolio_item.technologies.build }
    end

    def show
    end

    def create
    @portfolio_item = Portfolio.new(portfolio_params)

    respond_to do |format|
      if @portfolio_item.save
        format.html { redirect_to portfolios_path, notice: 'Portfolio item was successfully created.' }
      else
        format.html { render :new }
      end
    end
    end

    def edit
    end

    def update
            respond_to do |format|
                if @portfolio_item.update(portfolio_params)
                    format.html { redirect_to portfolios_path, notice: 'Portfolio item was successfully updated.' }
                else
                    format.html { render :edit }
                end
            end
    end

    def destroy
        @portfolio_item.destroy

    respond_to do |format|
      format.html { redirect_to portfolios_url, notice: 'Portfolio item was successfully deleted.' }
    end
    end

    private
    # Use callbacks to share common setup or constraints between actions.
    def set_portfolio
        @portfolio_item = Portfolio.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def portfolio_params
        params.require(:portfolio).permit(:title, 
                                                                            :subtitle, 
                                                                            :main_image,
                                                                            :thumb_image,
                                                                            :body, 
                                                                            technologies_attributes: [:id, :name, :_destroy]
                                                                            )
    end

end

carrierwave.rb:

CarrierWave.configure do |config|
  config.storage    = :aws
  config.aws_bucket = ENV.fetch('S3_BUCKET_NAME')
  config.aws_acl    = 'public-read'
  config.aws_authenticated_url_expiration = 60 * 60 * 24 * 7
  config.aws_attributes = {
    expires: 1.week.from_now.httpdate,
    cache_control: 'max-age=604800'
  }

   config.aws_credentials = {
    access_key_id:     ENV.fetch('AWS_ACCESS_KEY_ID'),
    secret_access_key: ENV.fetch('AWS_SECRET_ACCESS_KEY'),
    region:            ENV.fetch('AWS_REGION') # Required
  }
end 

portfolio_uploader.rb:

class PortfolioUploader < CarrierWave::Uploader::Base

  storage :aws

  def store_dir
    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
  end

  # Add a white list of extensions which are allowed to be uploaded.
  # For images you might use something like this:
  def extension_whitelist
    %w(jpg jpeg gif png)
  end

end

Rails Server:

Started PATCH "/portfolios/10" for 127.0.0.1 at 2019-02-13 14:42:36 -0600
Processing by PortfoliosController#update as HTML
  Parameters: {"utf8"=>"✓", "authenticity_token"=>"rYMLuRSQkoq6Nx+4MdXulBMCaBTRZm0xAm1qVLWf9QYnZewSPFXylE/HSK/1kXliZqX+pt4J+6YPjCslcgc9AA==", "portfolio"=>{"title"=>"Updated", "subtitle"=>"Javascript", "main_image"=>#<ActionDispatch::Http::UploadedFile:0x00007fe00d14f6f0 @tempfile=#<Tempfile:/var/folders/8c/dyl1g215043d3hk1gzq9bz4h0000gn/T/RackMultipart20190213-59215-1dc56wv.png>, @original_filename="b7jlq5pf52m11.png", @content_type="image/png", @headers="Content-Disposition: form-data; name=\"portfolio[main_image]\"; filename=\"b7jlq5pf52m11.png\"\r\nContent-Type: image/png\r\n">, "thumb_image"=>#<ActionDispatch::Http::UploadedFile:0x00007fe00d14f678 @tempfile=#<Tempfile:/var/folders/8c/dyl1g215043d3hk1gzq9bz4h0000gn/T/RackMultipart20190213-59215-1ay0r07.png>, @original_filename="b7jlq5pf52m11.png", @content_type="image/png", @headers="Content-Disposition: form-data; name=\"portfolio[thumb_image]\"; filename=\"b7jlq5pf52m11.png\"\r\nContent-Type: image/png\r\n">, "body"=>"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris eget volutpat lectus. Donec neque urna, mattis ut fermentum non, iaculis sed est. Vestibulum odio tortor, scelerisque id maximus id, dignissim at turpis. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Praesent in magna vitae enim condimentum sollicitudin. Proin lobortis euismod velit. Aenean ac nibh a augue tempus dapibus eu sollicitudin leo. Fusce lorem arcu, tempor a ligula vitae, tincidunt finibus augue. Maecenas tempor odio sit amet molestie congue. Vestibulum porttitor neque dui, sit amet pharetra elit feugiat sit amet.", "technologies_attributes"=>{"0"=>{"name"=>"Technology 0", "id"=>"1"}, "1"=>{"name"=>"Technology 1", "id"=>"2"}, "2"=>{"name"=>"Technology 2", "id"=>"3"}, "3"=>{"name"=>"Technology 123", "id"=>"4"}, "4"=>{"name"=>"Technology 1", "id"=>"5"}, "5"=>{"name"=>"Technology 2", "id"=>"6"}, "6"=>{"name"=>"Technology 0", "id"=>"7"}, "7"=>{"name"=>"Technology 1", "id"=>"8"}, "8"=>{"name"=>"Technology 2", "id"=>"9"}, "9"=>{"name"=>"Technology 123", "id"=>"10"}, "10"=>{"name"=>"Technology 1", "id"=>"11"}, "11"=>{"name"=>"Technology 2", "id"=>"12"}}}, "commit"=>"Save Portfolio Item", "id"=>"10"}
  Portfolio Load (1.5ms)  SELECT  "portfolios".* FROM "portfolios" WHERE "portfolios"."id" = $1 LIMIT $2  [["id", 10], ["LIMIT", 1]]
  ↳ app/controllers/portfolios_controller.rb:68
  User Load (1.3ms)  SELECT  "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2  [["id", 1], ["LIMIT", 1]]
  ↳ app/controllers/concerns/current_user_concern.rb:5
   (0.2ms)  BEGIN
  ↳ app/controllers/portfolios_controller.rb:49
  Technology Load (1.1ms)  SELECT "technologies".* FROM "technologies" WHERE "technologies"."portfolio_id" = $1 AND "technologies"."id" IN ($2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13)  [["portfolio_id", 10], ["id", 1], ["id", 2], ["id", 3], ["id", 4], ["id", 5], ["id", 6], ["id", 7], ["id", 8], ["id", 9], ["id", 10], ["id", 11], ["id", 12]]
  ↳ app/controllers/portfolios_controller.rb:49
  Portfolio Update (0.7ms)  UPDATE "portfolios" SET "main_image" = $1, "thumb_image" = $2, "updated_at" = $3 WHERE "portfolios"."id" = $4  [["main_image", "b7jlq5pf52m11.png"], ["thumb_image", "b7jlq5pf52m11.png"], ["updated_at", "2019-02-13 20:42:36.732254"], ["id", 10]]
  ↳ app/controllers/portfolios_controller.rb:49
   (0.4ms)  ROLLBACK
  ↳ app/controllers/portfolios_controller.rb:49
Completed 500 Internal Server Error in 391ms (ActiveRecord: 18.3ms)



Aws::S3::Errors::AccessDenied (Access Denied):

app/controllers/portfolios_controller.rb:49:in `block in update'
app/controllers/portfolios_controller.rb:48:in `update'

I expected this to work and be able to access the AWS resource but maybe there is some configuration I need to set for my bucket? The AWS documentation has been difficult to digest so far. I could use the help please and thank you.

Answer 1

FIXED: Had to go into AWS Dashboard and change the public access settings for the S3 bucket I was trying to access. You can navigate to it by accessing your AWS dashboard, select S3 resource, select the bucket you are trying to gain access to and then go into it's properties menu. I just set everything to false. Could use some more clarification on the individual settings here.

Manage public access control lists (ACLs)

Block new public ACLs and uploading public objects:

False

Remove public access granted through public ACLs:

False

Manage public bucket policies

Block new public bucket policies:

False

Block public and cross-account access if bucket has public policies:

False