Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Public access for Active Storage in Rails 6.1

I use Active Storage on my Rails site with AWS. After upgrading to 6.1, I'd like to configure public access per the guide so my images have permanent URLs.

I've determined that I need to keep the existing service as-is so previously uploaded images continue to work. I've created a new service and configured the app to use it like this.

Previous images continue to work like this, but new image uploads result in Aws::S3::Errors::AccessDenied. Note that the credentials used are exactly the same as in the previous, working, non-public service. The guide mentions that the bucket needs to have the proper permissions, but not what exactly needs to be set.

Looking in AWS, the section "Block public access (bucket settings)" is all set to "Off". In "Access control list (ACL)", "Bucket owner (your AWS account)" has "List, Write" for both "Objects" and "Bucket ACL". No other permissions are listed. I've tried changing "Everyone (public access)" to include "List" for "Objects" and "Read" for "Bucket ACL" - doesn't seem to solve the problem.

How do I get public URLs working with Active Storage?

like image 652
Jason Barnabe Avatar asked Dec 16 '20 00:12

Jason Barnabe


People also ask

How do I add active storage in rails?

After creating a new application (or upgrading your application to Rails 5.2), run bin/rails active_storage:install to generate a migration that creates these tables. Use bin/rails db:migrate to run the migration. active_storage_attachments is a polymorphic join table that stores your model's class name.

What is ActiveStorage?

Active storage is an inbuilt gem in Rails that developers widely use to handle file uploads. Combined with the encrypted credentials feature in the latest releases of Rails, active storage is a safe and easy method to upload, serve, and analyze files onto cloud-based storage services as well as local storage.


1 Answers

The permission you need when switching from private access to public is PutObjectAcl. Adding this in the IAM Management Console makes it work.

In addition, rather than creating a new service, you can mark all images in the existing service as public-readable via the UI or via a script.

like image 199
Jason Barnabe Avatar answered Oct 23 '22 13:10

Jason Barnabe