How can I resolve AWS::S3::Errors:: Access Denied?


Hi I've followed the link below to configure paperclip with AWS S3 but I keep getting a "AWS::S3::ERRORS::AccessDenied (Access Denied):" from the heroku logs. If I remove my block public access settings, I am able to upload an image to my S3 folder without fail.

May I know if there's anything I should configure to make this work properly? My ENV files are 100% correct as they were able to connect when I removed block all public access..

I currently have a bucket policy like that and no CORS configuration

{ "Version": "2012-11-17", "Id": "Policy1231xxx1231xx", "Statement": [ { "Sid": "Stmt1123123123", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::2123123123:user/someuser" }, "Action": "s3:*", "Resource": "arn:aws:s3:::somename" } ] }

gefragt vor 2 Jahren797 Aufrufe
1 Antwort
Akzeptierte Antwort

Hi andy,

From your description the S3 policy seems fine. Just to be sure, I would test the policy with the user you are trying to use. Just go to IAM -> (in the main Dashboard) Right side of the screen click in Policy Simulator -> Select the user you are trying to use -> Select the S3 bucket action you are tying to perform with that user.

About the paperclip configuration ( the one from the config folder like /config/environments/production.rb ), can you confirm you are using the following structure:

config.paperclip_defaults = {
    storage: :s3,
    s3_credentials => {
        bucket: ENV.fetch('S3_BUCKET_NAME'),
        access_key_id: ENV.fetch('AWS_ACCESS_KEY_ID'),
        secret_access_key:  ENV.fetch('AWS_SECRET_ACCESS_KEY'),
        s3_region: ENV.fetch('AWS_REGION')



beantwortet vor 2 Jahren
  • Minor issue in the config, works now. thanks!

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen