Attempting to upload a file to S3 results in Aws::S3::Errors::AccessDenied (Access Denied):

[Brett-Tanner]

• Tried checking IAM permissions for my account and the service role with Yamamoto-san, both have PutObject access to the S3 bucket.
• Temporarily rolled back to using disk storage for guide generation so Luis can still test

[Brett-Tanner]

Rails log reports the file as uploaded to S3, and the console seems to think it's there. Can even get a url for it, but permission is denied when you try to access it. The error occurs shortly after the app claims to have successfully uploaded the guide file. Full relevant log dump for an upload attempt follows:

09:28:22 rails.1 | I, [2024-05-09T09:28:22.066832 #9]  INFO -- : [4dbc8a3c-421a-4c77-af6b-946b1f0e950a] Started PATCH "/en/daily_activities/3" for 127.0.0.1 at 2024-05-09 09:28:22 +0000
09:28:22 rails.1 | I, [2024-05-09T09:28:22.080028 #9]  INFO -- : [4dbc8a3c-421a-4c77-af6b-946b1f0e950a] Processing by DailyActivitiesController#update as TURBO_STREAM
09:28:22 rails.1 | I, [2024-05-09T09:28:22.080167 #9]  INFO -- : [4dbc8a3c-421a-4c77-af6b-946b1f0e950a]   Parameters: {"authenticity_token"=>"[FILTERED]", "daily_activity"=>{"subtype"=>"games", "title"=>"Cheese", "goal"=>"Cheese", "level"=>"kindy", "type"=>"DailyActivity", "interesting_fact"=>"", "warning"=>"", "land_lang_goals"=>"", "sky_lang_goals"=>"", "galaxy_lang_goals"=>"", "materials"=>"hrehrehh", "intro"=>"hethetytbe", "instructions"=>"grewsgrwgwr", "large_groups"=>"htetehteh", "outro"=>"", "notes"=>"rehrehreh", "links"=>"GOOGLE:https://www.google.com", "resources"=>[""]}, "commit"=>"Update Daily activity", "locale"=>"en", "id"=>"3"}
09:28:22 rails.1 | I, [2024-05-09T09:28:22.111207 #9]  INFO -- : [4dbc8a3c-421a-4c77-af6b-946b1f0e950a] Redirected to http://materials-production.eba-mitvugnt.ap-northeast-1.elasticbeanstalk.com/en/lessons/3
09:29:00 rails.1 | I, [2024-05-09T09:29:00.558157 #9]  INFO -- : [4dbc8a3c-421a-4c77-af6b-946b1f0e950a]   S3 Storage (79.8ms) Uploaded file to key: 4qi7c59aep5w7ulnyxhnd95oml4k (checksum: YC33VqMGkA3Nb30nGX2j0Q==)
09:29:00 rails.1 | I, [2024-05-09T09:29:00.558398 #9]  INFO -- : [4dbc8a3c-421a-4c77-af6b-946b1f0e950a] Completed 500 Internal Server Error in 38477ms (ActiveRecord: 8.1ms | Allocations: 100406998)
09:29:00 rails.1 | E, [2024-05-09T09:29:00.560626 #9] ERROR -- : [4dbc8a3c-421a-4c77-af6b-946b1f0e950a]
09:29:00 rails.1 | [4dbc8a3c-421a-4c77-af6b-946b1f0e950a] Aws::S3::Errors::AccessDenied (Access Denied):
09:29:00 rails.1 | [4dbc8a3c-421a-4c77-af6b-946b1f0e950a]
09:29:00 rails.1 | [4dbc8a3c-421a-4c77-af6b-946b1f0e950a] app/models/concerns/pdfs/pdfable.rb:22:in `attach_guide'
09:29:00 rails.1 | [4dbc8a3c-421a-4c77-af6b-946b1f0e950a] app/controllers/lessons/lessons_controller.rb:108:in `generate_guide'

Also noticed that attempts to fetch the existing guide 404. And existing files don't seem to be deleted from ActiveStorage when deleted from disk due to server restarting

09:28:18 rails.1 | I, [2024-05-09T09:28:18.276304 #9]  INFO -- : [6652538d-36f9-4038-857e-e68bf625a5e0] Started GET "/en/lessons/3" for 127.0.0.1 at 2024-05-09 09:28:18 +0000
09:28:18 rails.1 | I, [2024-05-09T09:28:18.281181 #9]  INFO -- : [6652538d-36f9-4038-857e-e68bf625a5e0] Processing by LessonsController#show as HTML
09:28:18 rails.1 | I, [2024-05-09T09:28:18.281262 #9]  INFO -- : [6652538d-36f9-4038-857e-e68bf625a5e0]   Parameters: {"locale"=>"en", "id"=>"3"}
09:28:18 rails.1 | I, [2024-05-09T09:28:18.435475 #9]  INFO -- : [6652538d-36f9-4038-857e-e68bf625a5e0]   Rendered layout layouts/application.html.haml (Duration: 144.7ms | Allocations: 6606)
09:28:18 rails.1 | I, [2024-05-09T09:28:18.436073 #9]  INFO -- : [6652538d-36f9-4038-857e-e68bf625a5e0] Completed 200 OK in 155ms (Views: 141.1ms | ActiveRecord: 5.8ms | Allocations: 7373)
09:28:18 rails.1 | I, [2024-05-09T09:28:18.492291 #9]  INFO -- : [ac91aeaf-f093-4a89-827b-b195a40569d0] Started GET "/rails/active_storage/representations/redirect/eyJfcmFpbHMiOnsiZGF0YSI6MTAxLCJwdXIiOiJibG9iX2lkIn19--e91361e8e466942e7dfbc0ea9cf58d7b51a0e09d/eyJfcmFpbHMiOnsiZGF0YSI6eyJyZXNpemVfdG9fbGltaXQiOlszMDAsMzAwXSwiY29udmVydCI6ImF2aWYifSwicHVyIjoidmFyaWF0aW9uIn19--71329afb21246daba1445bd9648b5d3488dd4b35/2024520914051715233948_cheese_guide.pdf?locale=en" for 127.0.0.1 at 2024-05-09 09:28:18 +0000
09:28:18 rails.1 | I, [2024-05-09T09:28:18.496325 #9]  INFO -- : [ac91aeaf-f093-4a89-827b-b195a40569d0] Processing by ActiveStorage::Representations::RedirectController#show as PDF
09:28:18 rails.1 | I, [2024-05-09T09:28:18.496439 #9]  INFO -- : [ac91aeaf-f093-4a89-827b-b195a40569d0]   Parameters: {"locale"=>"en", "signed_blob_id"=>"eyJfcmFpbHMiOnsiZGF0YSI6MTAxLCJwdXIiOiJibG9iX2lkIn19--e91361e8e466942e7dfbc0ea9cf58d7b51a0e09d", "variation_key"=>"[FILTERED]", "filename"=>"2024520914051715233948_cheese_guide"}
09:28:18 rails.1 | I, [2024-05-09T09:28:18.529046 #9]  INFO -- : [ac91aeaf-f093-4a89-827b-b195a40569d0] Redirected to http://materials-production.eba-mitvugnt.ap-northeast-1.elasticbeanstalk.com/rails/active_storage/disk/eyJfcmFpbHMiOnsiZGF0YSI6eyJrZXkiOiJzNHh1dHJpbHBibTczMXp2MXJiMHEyanU1dm43IiwiZGlzcG9zaXRpb24iOiJhdHRhY2htZW50OyBmaWxlbmFtZT1cIjIwMjQ1MjA5MTQwNTE3MTUyMzM5NDhfY2hlZXNlX2d1aWRlLnBuZ1wiOyBmaWxlbmFtZSo9VVRGLTgnJzIwMjQ1MjA5MTQwNTE3MTUyMzM5NDhfY2hlZXNlX2d1aWRlLnBuZyIsImNvbnRlbnRfdHlwZSI6ImltYWdlL2F2aWYiLCJzZXJ2aWNlX25hbWUiOiJsb2NhbCJ9LCJleHAiOiIyMDI0LTA1LTA5VDA5OjMzOjE4LjUyNloiLCJwdXIiOiJibG9iX2tleSJ9fQ==--dc09764b8af135e21cdb1ac1eadacbd413712759/2024520914051715233948_cheese_guide.png
09:28:18 rails.1 | I, [2024-05-09T09:28:18.529284 #9]  INFO -- : [ac91aeaf-f093-4a89-827b-b195a40569d0] Completed 302 Found in 33ms (ActiveRecord: 3.9ms | Allocations: 2150)
09:28:18 rails.1 | I, [2024-05-09T09:28:18.545540 #9]  INFO -- : [5fa42aeb-ed8c-49c5-a7c2-4e403653d158] Started GET "/rails/active_storage/disk/eyJfcmFpbHMiOnsiZGF0YSI6eyJrZXkiOiJzNHh1dHJpbHBibTczMXp2MXJiMHEyanU1dm43IiwiZGlzcG9zaXRpb24iOiJhdHRhY2htZW50OyBmaWxlbmFtZT1cIjIwMjQ1MjA5MTQwNTE3MTUyMzM5NDhfY2hlZXNlX2d1aWRlLnBuZ1wiOyBmaWxlbmFtZSo9VVRGLTgnJzIwMjQ1MjA5MTQwNTE3MTUyMzM5NDhfY2hlZXNlX2d1aWRlLnBuZyIsImNvbnRlbnRfdHlwZSI6ImltYWdlL2F2aWYiLCJzZXJ2aWNlX25hbWUiOiJsb2NhbCJ9LCJleHAiOiIyMDI0LTA1LTA5VDA5OjMzOjE4LjUyNloiLCJwdXIiOiJibG9iX2tleSJ9fQ==--dc09764b8af135e21cdb1ac1eadacbd413712759/2024520914051715233948_cheese_guide.png" for 127.0.0.1 at 2024-05-09 09:28:18 +0000
09:28:18 rails.1 | I, [2024-05-09T09:28:18.548384 #9]  INFO -- : [5fa42aeb-ed8c-49c5-a7c2-4e403653d158] Processing by ActiveStorage::DiskController#show as PNG
09:28:18 rails.1 | I, [2024-05-09T09:28:18.548475 #9]  INFO -- : [5fa42aeb-ed8c-49c5-a7c2-4e403653d158]   Parameters: {"encoded_key"=>"[FILTERED]", "filename"=>"2024520914051715233948_cheese_guide"}
09:28:18 rails.1 | I, [2024-05-09T09:28:18.550433 #9]  INFO -- : [5fa42aeb-ed8c-49c5-a7c2-4e403653d158] Completed 404 Not Found in 2ms (ActiveRecord: 0.0ms | Allocations: 141)

and

09:28:20 rails.1 | I, [2024-05-09T09:28:20.307731 #9]  INFO -- : [50659eac-88aa-4592-8ddb-5d6b61a9d0e4] Processing by LessonsController#edit as HTML
09:28:20 rails.1 | I, [2024-05-09T09:28:20.307816 #9]  INFO -- : [50659eac-88aa-4592-8ddb-5d6b61a9d0e4]   Parameters: {"locale"=>"en", "id"=>"3"}
09:28:20 rails.1 | I, [2024-05-09T09:28:20.343898 #9]  INFO -- : [50659eac-88aa-4592-8ddb-5d6b61a9d0e4]   Rendered layout layouts/application.html.haml (Duration: 30.6ms | Allocations: 11075)
09:28:20 rails.1 | I, [2024-05-09T09:28:20.345036 #9]  INFO -- : [50659eac-88aa-4592-8ddb-5d6b61a9d0e4] Completed 200 OK in 37ms (Views: 30.3ms | ActiveRecord: 2.3ms | Allocations: 11570)
09:28:20 rails.1 | I, [2024-05-09T09:28:20.541708 #9]  INFO -- : [a8af6995-6e43-4679-8c7c-377f23b38c3e] Started GET "/rails/active_storage/disk/eyJfcmFpbHMiOnsiZGF0YSI6eyJrZXkiOiJzNHh1dHJpbHBibTczMXp2MXJiMHEyanU1dm43IiwiZGlzcG9zaXRpb24iOiJhdHRhY2htZW50OyBmaWxlbmFtZT1cIjIwMjQ1MjA5MTQwNTE3MTUyMzM5NDhfY2hlZXNlX2d1aWRlLnBuZ1wiOyBmaWxlbmFtZSo9VVRGLTgnJzIwMjQ1MjA5MTQwNTE3MTUyMzM5NDhfY2hlZXNlX2d1aWRlLnBuZyIsImNvbnRlbnRfdHlwZSI6ImltYWdlL2F2aWYiLCJzZXJ2aWNlX25hbWUiOiJsb2NhbCJ9LCJleHAiOiIyMDI0LTA1LTA5VDA5OjMzOjE4LjUyNloiLCJwdXIiOiJibG9iX2tleSJ9fQ==--dc09764b8af135e21cdb1ac1eadacbd413712759/2024520914051715233948_cheese_guide.png" for 127.0.0.1 at 2024-05-09 09:28:20 +0000
09:28:20 rails.1 | I, [2024-05-09T09:28:20.543647 #9]  INFO -- : [a8af6995-6e43-4679-8c7c-377f23b38c3e] Processing by ActiveStorage::DiskController#show as PNG
09:28:20 rails.1 | I, [2024-05-09T09:28:20.543734 #9]  INFO -- : [a8af6995-6e43-4679-8c7c-377f23b38c3e]   Parameters: {"encoded_key"=>"[FILTERED]", "filename"=>"2024520914051715233948_cheese_guide"}
09:28:20 rails.1 | I, [2024-05-09T09:28:20.544464 #9]  INFO -- : [a8af6995-6e43-4679-8c7c-377f23b38c3e] Completed 404 Not Found in 1ms (ActiveRecord: 0.0ms | Allocations: 140)

[Brett-Tanner]

Needed to give IAM permissions to my IAM user, not the service roles