search

carrierwaveuploader / carrierwave-aws

AWS-SDK storage adapter for CarrierWave
MIT License
409 stars 107 forks source link

Not working with recommended bucket policy #140

Closed djalmaaraujo closed 5 years ago

djalmaaraujo commented 5 years ago

Aws::S3::Errors::AccessDenied in Admin::ApurationsController#create

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::tradertax-files",
            "Principal": {
                "AWS": "XXX"
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::tradertax-files/*",
            "Principal": {
                "AWS": "XXX"
            }
        }
    ]
}

I already restarted, added correct credentials, add my user as root even, and this policy is not working. ideas?

sorentwo commented 5 years ago

Can you share your carrierwave configuration, and, if you're overriding inside the uploader, that configuration as well?

genail commented 5 years ago

To anyone still having a similar issue: By default, S3 buckets are blocking put-object request with public-read ACL. If you're getting access denied errors despite valid configuration, make sure to check your S3 bucket Permissions tab and uncheck these two:

image