Carrierwave, Fog, Amazon S3, Rails 4

Question

I'm trying to get Carrierwave to work with my Amazon S3 bucket, but I'm a bit down on my luck. In my config/initializers folder, I have a file called, carrierwave.rb. This file contains the following:

CarrierWave.configure do |config|
  config.fog_credentials = {
      :provider               => 'AWS',
      :aws_access_key_id      => ENV['AWS_ACCESS_KEY_ID'],
      :aws_secret_access_key  => ENV['AWS_SECRET_ACCESS_KEY']
  }
  config.cache_dir = "#{Rails.root}/tmp/uploads"
  config.fog_directory  = ENV['AWS_S3_BUCKET']
  config.fog_public     = true
  config.fog_attributes = {'Cache-Control' => 'max-age=315576000'}
end

I am using the gem figaro as a mechanism for housing my environment configuration variables. Inside of the application.yml, I am defining the ENV['AWS_ACCESS_KEY_ID'] , ENV['AWS_SECRET_ACCESS_KEY'], and ENV['AWS_S3_BUCKET'].

These three variables seem to be populating properly. Using an FTP program, I am able to connect to my amazon s3 instance, using the access key and secret access keys that I have defined in the application.yml file. I have triple checked that my public and secret keys are correct.

When trying to perform an upload in my Rails application, I receive an error stating that:

Expected(200) <=> Actual(403 Forbidden) response => #<Excon::Response:0x007fb29a862ac8 
@data={:body=>"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><
Code>SignatureDoesNotMatch</Code>
<Message>The request signature we calculated does not match the signature you provided. 
Check your key and signing method.</Message>

To remedy this, I have also tried to:

1. Create a new Amazon S3 bucket
2. Manually placing the access_key_id / secret_access_key / fog_directory in the configuration file.

Neither of these two options seem to be working. When I created a new S3 bucket and specified it in the config.fog_directory, I received the same error.

When I manually typed the keys and bucket name in the carrierwave.rb file, I still received the same error.

I've tried searching the web a bit for an answer, but most of the answers seem to be that a user mistakenly typed in the wrong access key or secret key. I do not believe that this is the case here, as I've copied and pasted the keys directly into the carrierwave.rb file from my S3 Management Console on Amazon.

If anyone has any insight or things that you would like me to try, please feel free to leave a comment. If you need any more information, please let me know and I will post it here. My application is a Rails 4 app, with the following gems:

gem 'carrierwave'
gem 'fog', github: 'fog/fog'
gem 'mini_magick'
gem 'figaro'

Thanks in advance!

Edit: A couple of additions:

I just now tried creating a new set of keys and once again copy + pasted the keys into my carrierwave.rb file. I'm still receiving the same error. My file now reads as follows:

CarrierWave.configure do |config|
  config.fog_credentials = {
      :provider               => 'AWS',
      :aws_access_key_id      => "***********",
      :aws_secret_access_key  => "***********"
  }

  config.cache_dir = "#{Rails.root}/tmp/uploads"
  config.fog_directory  = 'soawsthree'
  config.fog_public     = true
  config.fog_attributes = {'Cache-Control' => 'max-age=315576000'}
end

--

Response from the S3 Bucket. Note- the public access key listed below is correct. Not sure where the secret access key is being passed in?:

Expected(200) <=> Actual(403 Forbidden) response => #<Excon::Response:0x007fc6e3997008 @data={:body=>"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><StringToSignBytes>50 55 54 0a 0a 69 6d 61 67 65 2f 70 6e 67 0a 46 72 69 2c 20 31 31 20 4f 63 74 20 32 30 31 33 20 30 34 3a 31 30 3a 34 31 20 2b 30 30 30 30 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 2f 75 70 6c 6f 61 64 73 2f 70 68 6f 74 6f 2f 70 69 63 2f 33 2f 74 6f 75 63 68 2e 70 6e 67</StringToSignBytes><RequestId>22E53DA9E453D05E</RequestId><HostId>ccNccOFV+iJa3/BM9RiwAqEwmJhr1KIMvmFm0EjhrBGkN4hwMWOuRF7qH5diDYd3</HostId><SignatureProvided>hiogXz0b65S/bOSWKvca7hyXzYI=</SignatureProvided><StringToSign>PUT\n\nimage/png\nFri, 11 Oct 2013 04:10:41 +0000\nx-amz-acl:public-read\n/uploads/photo/pic/3/touch.png</StringToSign><AWSAccessKeyId>AKIAIKNIDTDI2WI7RPNA</AWSAccessKeyId></Error>", :headers=>{"x-amz-request-id"=>"22E53DA9E453D05E", "x-amz-id-2"=>"ccNccOFV+iJa3/BM9RiwAqEwmJhr1KIMvmFm0EjhrBGkN4hwMWOuRF7qH5diDYd3", "Content-Type"=>"application/xml", "Transfer-Encoding"=>"chunked", "Date"=>"Fri, 11 Oct 2013 04:10:34 GMT", "nnCoection"=>"close", "Server"=>"AmazonS3"}, :status=>403, :remote_ip=>"72.21.195.65"}, @body="<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message><StringToSignBytes>50 55 54 0a 0a 69 6d 61 67 65 2f 70 6e 67 0a 46 72 69 2c 20 31 31 20 4f 63 74 20 32 30 31 33 20 30 34 3a 31 30 3a 34 31 20 2b 30 30 30 30 0a 78 2d 61 6d 7a 2d 61 63 6c 3a 70 75 62 6c 69 63 2d 72 65 61 64 0a 2f 75 70 6c 6f 61 64 73 2f 70 68 6f 74 6f 2f 70 69 63 2f 33 2f 74 6f 75 63 68 2e 70 6e 67</StringToSignBytes><RequestId>22E53DA9E453D05E</RequestId><HostId>ccNccOFV+iJa3/BM9RiwAqEwmJhr1KIMvmFm0EjhrBGkN4hwMWOuRF7qH5diDYd3</HostId><SignatureProvided>hiogXz0b65S/bOSWKvca7hyXzYI=</SignatureProvided><StringToSign>PUT\n\nimage/png\nFri, 11 Oct 2013 04:10:41 +0000\nx-amz-acl:public-read\n/uploads/photo/pic/3/touch.png</StringToSign><AWSAccessKeyId>AKIAIKNIDTDI2WI7RPNA</AWSAccessKeyId></Error>", @headers={"x-amz-request-id"=>"22E53DA9E453D05E", "x-amz-id-2"=>"ccNccOFV+iJa3/BM9RiwAqEwmJhr1KIMvmFm0EjhrBGkN4hwMWOuRF7qH5diDYd3", "Content-Type"=>"application/xml", "Transfer-Encoding"=>"chunked", "Date"=>"Fri, 11 Oct 2013 04:10:34 GMT", "nnCoection"=>"close", "Server"=>"AmazonS3"}, @status=403, @remote_ip="72.21.195.65">

Answer 1

It appears as if Fog is using 'excon' in order to connect with the S3 bucket. I resolved my issue by removing fog and excon 0.27.2 . I switched over to the carrierwave-aws gem (using the same credentials, and everything is working as expected).