How can I resolve AWS::S3::Errors:: Access Denied?

Question

Hi I've followed the link below to configure paperclip with AWS S3 but I keep getting a "AWS::S3::ERRORS::AccessDenied (Access Denied):" from the heroku logs. If I remove my block public access settings, I am able to upload an image to my S3 folder without fail.

May I know if there's anything I should configure to make this work properly? My ENV files are 100% correct as they were able to connect when I removed block all public access..

I currently have a bucket policy like that and no CORS configuration

{
"Version": "2012-11-17",
"Id": "Policy1231xxx1231xx",
"Statement": [
    {
        "Sid": "Stmt1123123123",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::2123123123:user/someuser"
        },
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::somename"
    }
]
}

Accepted Answer

Hi andy,

From your description the S3 policy seems fine. Just to be sure, I would test the policy with the user you are trying to use. Just go to IAM -> (in the main Dashboard) Right side of the screen click in **Policy Simulator** -> Select the user you are trying to use -> Select the S3 bucket action you are tying to perform with that user.

About the paperclip configuration ( the one from the config folder like /config/environments/production.rb ), can you confirm you are using the following structure:

```
config.paperclip_defaults = {
    storage: :s3,
    s3_credentials => {
        bucket: ENV.fetch('S3_BUCKET_NAME'),
        access_key_id: ENV.fetch('AWS_ACCESS_KEY_ID'),
        secret_access_key:  ENV.fetch('AWS_SECRET_ACCESS_KEY'),
        s3_region: ENV.fetch('AWS_REGION')
    }

}
```
?

How can I resolve AWS::S3::Errors:: Access Denied?

Relevanter Inhalt