By using AWS re:Post, you agree to the Terms of Use

How can I resolve AWS::S3::Errors:: Access Denied?

0

Hi I've followed the link below to configure paperclip with AWS S3 but I keep getting a "AWS::S3::ERRORS::AccessDenied (Access Denied):" from the heroku logs. If I remove my block public access settings, I am able to upload an image to my S3 folder without fail.

May I know if there's anything I should configure to make this work properly? My ENV files are 100% correct as they were able to connect when I removed block all public access..

I currently have a bucket policy like that and no CORS configuration

{ "Version": "2012-11-17", "Id": "Policy1231xxx1231xx", "Statement": [ { "Sid": "Stmt1123123123", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::2123123123:user/someuser" }, "Action": "s3:*", "Resource": "arn:aws:s3:::somename" } ] }

asked 20 days ago28 views
1 Answers
2
Accepted Answer

Hi andy,

From your description the S3 policy seems fine. Just to be sure, I would test the policy with the user you are trying to use. Just go to IAM -> (in the main Dashboard) Right side of the screen click in Policy Simulator -> Select the user you are trying to use -> Select the S3 bucket action you are tying to perform with that user.

About the paperclip configuration ( the one from the config folder like /config/environments/production.rb ), can you confirm you are using the following structure:

config.paperclip_defaults = {
    storage: :s3,
    s3_credentials => {
        bucket: ENV.fetch('S3_BUCKET_NAME'),
        access_key_id: ENV.fetch('AWS_ACCESS_KEY_ID'),
        secret_access_key:  ENV.fetch('AWS_SECRET_ACCESS_KEY'),
        s3_region: ENV.fetch('AWS_REGION')
    }

}

?

answered 20 days ago
  • Minor issue in the config, works now. thanks!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions