markevans / dragonfly-s3_data_store

S3 data store for the Dragonfly ruby gem
MIT License

S3 connection timeout with IAM #22

Open jamesrbrindle opened 8 years ago

jamesrbrindle commented 8 years ago

Everything works perfectly when using file storage. I am trying to upload to an S3 bucket but am getting the following error:

[fog][WARNING] Unable to fetch credentials: connect timeout reached
[fog][WARNING] Unable to fetch credentials: connect timeout reached
[fog][WARNING] Unable to fetch credentials: connect timeout reached
   (0.2ms)  ROLLBACK
Completed 500 Internal Server Error in 181906ms

Excon::Errors::Forbidden (Expected(200) <=> Actual(403 Forbidden)
excon.error.response
  :body          => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CCEECDDC7942972B</RequestId><HostId>IIZYUhoTtGeD1HFN50/IB3cgo9O29c5zw/UcA3WbpkNbO9bU2Wk1NrQWaa8lZnS/J+zUlLbb8WQ=</HostId></Error>"
  :headers       => {
    "Content-Type"     => "application/xml"
    "Date"             => "Wed, 30 Dec 2015 14:49:09 GMT"
    "Server"           => "AmazonS3"
    "x-amz-id-2"       => "IIZYUhoTtGeD1HFN50/IB3cgo9O29c5zw/UcA3WbpkNbO9bU2Wk1NrQWaa8lZnS/J+zUlLbb8WQ="
    "x-amz-request-id" => "CCEECDDC7942972B"
  }
  :local_address => "XX.XX.XX.XX"
  :local_port    => 60431
  :reason_phrase => "Forbidden"
  :remote_ip     => "XX.XX.XX.XX"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"
):

dragonfly.rb configured as follows:

require 'dragonfly'
require 'dragonfly/s3_data_store'

# Configure
Dragonfly.app.configure do
  plugin :imagemagick

  secret "-- desensitised --"

  url_format "/media/:job/:name"

#  datastore :file,
#    root_path: Rails.root.join('public/system/dragonfly', Rails.env),
#    server_root: Rails.root.join('public')
  datastore :s3,
    bucket_name: AWS_S3_BUCKET,
    access_key_id: AWS_ACCESS_KEY_ID,
    secret_access_key: AWS_SECRET_ACCESS_KEY,
    region: 'eu-west-1',
    use_iam_profile: true,
    url_scheme: 'https',
    fog_storage_options: {
        :provider => "AWS",
        :aws_access_key_id => AWS_ACCESS_KEY_ID,
        :aws_secret_access_key => AWS_SECRET_ACCESS_KEY
    }

end

This might be more concerned with Fog than Dragonfly, but any chance you can help with a little diagnosis?

The AWS_ACCESS_KEY_ID and SECRET work fine with the aws-sdk gem and I can manually put files no problem.

I was thinking about doing a fork for aws-sdk but it seems pointless to duplicate what Fog is supposed to do if it's Fog's issue.

Thanks.

siegfried commented 8 years ago

Changing your policy as this gist did will help.

bodrovis commented 8 years ago

I was experiencing the same issue with IAM. Removing use_iam_profile and setting the correct region (I was using eu-central) solved the problem.

hellvinz commented 4 years ago

You can't use both use_iam_profile and access keys, as documented on the readme:

:use_iam_profile # boolean - if true, no need for access_key_id or secret_access_key
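
The point made in the replies above (one credential source only, and an explicit region), as an added example that is not code from the thread or from the gem. The helper name `s3_datastore_options`, the `S3ConfigError` class and the environment variable names are assumptions; the option keys are the ones shown in the issue's configuration.

```ruby
# Builds the option hash for `datastore :s3` and refuses mixed credential sources.
# Helper name, error class and env var names are hypothetical (added example).
class S3ConfigError < ArgumentError; end

def s3_datastore_options(env)
  bucket  = env['AWS_S3_BUCKET'].to_s
  region  = env['AWS_REGION'].to_s
  key_id  = env['AWS_ACCESS_KEY_ID'].to_s
  secret  = env['AWS_SECRET_ACCESS_KEY'].to_s
  use_iam = env['S3_USE_IAM_PROFILE'] == 'true'

  raise S3ConfigError, 'AWS_S3_BUCKET is required' if bucket.empty?
  # The thread reports a wrong region as one cause, so require it explicitly.
  raise S3ConfigError, 'AWS_REGION is required' if region.empty?

  opts = { bucket_name: bucket, region: region, url_scheme: 'https' }

  if use_iam
    # README: "if true, no need for access_key_id or secret_access_key".
    unless key_id.empty? && secret.empty?
      raise S3ConfigError, 'use_iam_profile is set; unset the static access keys'
    end
    opts.merge(use_iam_profile: true)
  else
    if key_id.empty? || secret.empty?
      raise S3ConfigError, 'static credentials need both key id and secret'
    end
    opts.merge(access_key_id: key_id, secret_access_key: secret)
  end
end

# Constructed sample environments (placeholder values, not real credentials).
BASE = { 'AWS_S3_BUCKET' => 'example-bucket', 'AWS_REGION' => 'eu-west-1' }.freeze
KEYS = { 'AWS_ACCESS_KEY_ID' => 'EXAMPLEKEYID', 'AWS_SECRET_ACCESS_KEY' => 'example-secret' }.freeze
SAMPLE_ENVS = {
  'iam profile only' => BASE.merge('S3_USE_IAM_PROFILE' => 'true'),
  'static keys only' => BASE.merge(KEYS),
  'mixed (as in the issue)' => BASE.merge(KEYS).merge('S3_USE_IAM_PROFILE' => 'true')
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_ENVS.each do |label, env|
    begin
      puts "#{label}: #{s3_datastore_options(env).keys.inspect}"
    rescue S3ConfigError => e
      puts "#{label}: rejected (#{e.message})"
    end
  end
end
```

In the initializer this would be called as `datastore :s3, s3_datastore_options(ENV)`, which also keeps the key material out of the source file.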