Trying to set up Amazon's S3 bucket: 403 Forbidden error & setting permissions

Question

I\'m following Hartl\'s railstutorial.org and have arrived at 11.4.4: Image upload in production. What I\'ve done:

• Signed up for Amazon Web Services
• I

Answer 1

In my case s3:PutObjectAcl was the permission that was missing

Answer 2

I had both the issues from the tutorial -

Look in your heroku logs -

Forbidden

and

Socket Error

Going round trying to resolve this over a day I basically reset back to basics, Recreated a new IAM user and a new s3 bucket but this time left the REGION as US standard - the only s3 authority I could find to attach as the policy was full access - nothing else - so attached that

Also retyping and confirming ENV variables on heroku as well as COPY AND PASTING the carrier_wave.rb from tutorial - to be sure to be sure .)

first time round I was fiddling and unsure what to do so i might of clicked a few different things- adding groups and permissions, viewing wrong things - sometimes a RESET and STEP through everything especially after exploring AWS and IMS and s3 for the first time.

Interesting that in heroku they INSTRUCT to set the bucket region as US standard and post a warning - Be sure to create a bucket in the same region as your app to take advantage of AWS’s free in-region data transfer rates.

good read for heroku to s3 configuration here -> https://devcenter.heroku.com/articles/s3

Answer 3

I had the same problem. Tried many solutions including S3@FullAccess, creating users, writing custom policies. If someone encounters the problem, then check bucket permissions. Go to bucketname > Permissions > Public Access Settings, then change two ACLs settings from True to False.

Answer 4

You may be missing a step which is to set your IAM policy if using an IAM user to configure your bucket.

Go to IAM console, select your user, go to the permissions tab, click the attach policy button and add administrator access.

After that the error should go away and you can upload files with no problem ;)

Answer 5

To enable S3 file Uploads, I had to:

• specify my region (us-west)
• create an IAM user
• add a Bucket Policy specifying that user as a Principal

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowFileUpload",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXX:user/instaswan"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::instaswan-dev",
                "arn:aws:s3:::instaswan-dev/*"
            ]
        }
    ]
}

Be sure to include both the top-level and "/*" Resource, and include any other "Action" attributes you need.

Answer 6

The root of the problem indeed turned out to be the permissions. It was necessary to write a custom policy and set the CORS configuration on the bucket. For any future users that want to implement this chapter of the rails tutorial, see Writing an IAM policy and CORS configuration for Amazon S3 for the necessary code.