TechQA.

Fog Gem - Access Denied on deleting S3 file

570 views Asked by At

I'm using fog gem with carrierwave for uploading files to s3. The upload is ok and works perfectly, but, once I try to delete some instance of my model with the file attached, it sends the delete request and returns Access Denied, as bellow:

[fog][WARNING] fog: followed redirect to bucket-name.s3-us-west-2.amazonaws.com, connecting to the matching region will be more performant
Excon::Error::Forbidden: Expected(204) <=> Actual(403 Forbidden)
excon.error.response
  :body          => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EB625F4C97AD368E</RequestId><HostId>E+We/GvBslMHoNn9nTT6Uw3t0qfJ9jXHCNkJRu0KOk5sk8WoFZbkaIyUB0WcWNPZuH2uCeoZTIo=</HostId></Error>"
  :cookies       => [
  ]
  :headers       => {
    "Content-Type"     => "application/xml"
    "Date"             => "Wed, 21 Dec 2016 14:48:53 GMT"
    "Server"           => "AmazonS3"
    "x-amz-id-2"       => "E+We/GvBslMHoNn9nTT6Uw3t0qfJ9jXHCNkJRu0KOk5sk8WoFZbkaIyUB0WcWNPZuH2uCeoZTIo="
    "x-amz-request-id" => "EB625F4C97AD368E"
  }
  :host          => "bucket-name.s3.amazonaws.com"
  :local_address => "192.168.2.106"
  :local_port    => 51425
  :path          => "/uploads/conta/pdf_conta/375/1530_09-2016.pdf"
  :port          => 443
  :reason_phrase => "Forbidden"
  :remote_ip     => "52.216.66.16"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"

    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/expects.rb:7:in `response_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/response_parser.rb:9:in `response_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:388:in `response'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:252:in `request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:272:in `rescue in request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:215:in `request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:272:in `rescue in request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/connection.rb:215:in `request'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/idempotent.rb:27:in `error_call'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/excon-0.54.0/lib/excon/middlewares/base.rb:11:in `error_call'
... 36 levels...
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/railties-5.0.0.1/lib/rails/commands/console_helper.rb:9:in `start'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/railties-5.0.0.1/lib/rails/commands/commands_tasks.rb:78:in `console'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/railties-5.0.0.1/lib/rails/commands/commands_tasks.rb:49:in `run_command!'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/railties-5.0.0.1/lib/rails/commands.rb:18:in `<top (required)>'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:293:in `require'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:293:in `block in require'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:259:in `load_dependency'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:293:in `require'
    from /home/ronanlopes/HY Brazil/HyBrazil/bin/rails:9:in `<top (required)>'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:287:in `load'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:287:in `block in load'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:259:in `load_dependency'
    from /home/ronanlopes/.rvm/gems/ruby-2.3.1/gems/activesupport-5.0.0.1/lib/active_support/dependencies.rb:287:in `load'
    from /home/ronanlopes/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /home/ronanlopes/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from -e:1:in `<main>'

The user token I'm using on my config has the AmazonS3FullAccess - AWS Managed policy, so it doesn't makes sense to me. Any ideas?

ruby-on-rails amazon-web-services amazon-s3 carrierwave fog
Original Q&A
1

There are 1 answers

0
ErvalhouS On BEST ANSWER

From what I see, you are setting the bucket_name variable on fog gem to be 'bucket-name', either that or you have edited it to post here. Your config/initializer/carrierwave.rb should look something like this

    CarrierWave.configure do |config|
      config.fog_credentials = {
        # Configuration for Amazon S3 should be made available through an Environment variable.
        # For local installations, export the env variable through the shell OR
        # if using Passenger, set an Apache environment variable.
        #
        # In Heroku, follow http://devcenter.heroku.com/articles/config-vars
        #
        # $ heroku config:add S3_KEY=your_s3_access_key S3_SECRET=your_s3_secret S3_REGION=eu-west-1 S3_ASSET_URL=http://assets.example.com/ S3_BUCKET_NAME=s3_bucket/folder

        # Configuration for Amazon S3
        :provider              => 'AWS',
        :aws_access_key_id     => ENV['S3_KEY'],
        :aws_secret_access_key => ENV['S3_SECRET'],
        :region                => ENV['S3_REGION']
       }

      # For testing, upload files to local `tmp` folder.
      if Rails.env.test? || Rails.env.cucumber?
        config.storage = :file
        config.enable_processing = false
        config.root = "#{Rails.root}/tmp"
      else
        config.storage = :fog
      end

      config.cache_dir = "#{Rails.root}/tmp/uploads"                  # To let CarrierWave work on heroku

      config.fog_directory    = ENV['S3_BUCKET_NAME']
      config.s3_access_policy = :public_read                          # Generate http:// urls. Defaults to :authenticated_read (https://)
      config.fog_host         = "#{ENV['S3_ASSET_URL']}/#{ENV['S3_BUCKET_NAME']}"
    end

You may be setting ENV['S3_BUCKET_NAME'] or ENV['S3_ASSET_URL'] variables wrong, or even setting it mannually, check those in your .env file

Related Questions in RUBY-ON-RAILS

Related Questions in AMAZON-WEB-SERVICES

Related Questions in AMAZON-S3

Related Questions in CARRIERWAVE

Related Questions in FOG

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions