I am using Rails 5.2 and I am trying to set up Active Storage with Amazon S3. My application has full access to S3 and I am able to attach an avatar image to a user. But when I try to delete the avatar, I run into the following issues:
> user.avatar.attached? # true
> user.avatar.purge
S3 Storage (697.9ms) Deleted file from key: Ns1KBRzdgxLNnY31sH72vT5t
S3 Storage (227.0ms) Deleted files by key prefix: variants/Ns1KBRzdgxLNnY31sH72vT5t/
Aws::S3::Errors::AccessDenied: Access Denied
Then when I inspect the bucket, the file was actually deleted, but looking in the database, both the Blob and the Attachment records are still present.
Any ideas why this is happening?
EDIT: I made some updates in my IAM permissions following the advice from the accepted answer. These are the items that I updated:
In the end my policy JSON looked like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket/*",
        "arn:aws:s3:::my-bucket"
      ]
    }
  ]
}
To remove an attachment from a model, call purge on the attachment. If your application is set up to use Active Job, removal can be done in the background instead by calling purge_later. Purging deletes the blob and the file from the storage service.
Active Storage uses two tables in your application's database named active_storage_blobs and active_storage_attachments. After creating a new application (or upgrading your application to Rails 5.2), run rails active_storage:install to generate a migration that creates these tables.
The S3 account you use for Active Storage must have the s3:DeleteObject permission for the entire bucket. (As specified in the Active Storage guide, it must also have the s3:ListBucket, s3:PutObject, and s3:GetObject permissions.)
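As an added example (not part of the original question or answer, and not Rails or AWS code), the Ruby checker below parses an IAM policy like the one in the question and reports which Active Storage S3 operations it leaves uncovered; purge's variant cleanup lists keys under the variants/ prefix, so it needs s3:ListBucket on the bucket ARN itself. The operation table and helper names are this example's own, and the evaluation is simplified to Allow/Deny statements with Action and Resource only (no Condition, NotAction or NotResource).

```ruby
require "json"

# Permissions each Active Storage S3 operation needs (table is this example's own).
# :object means arn:aws:s3:::BUCKET/KEY, :bucket means arn:aws:s3:::BUCKET.
REQUIRED = {
  "attach (upload)"         => [["s3:PutObject", :object]],
  "download / serve"        => [["s3:GetObject", :object]],
  "purge: delete blob"      => [["s3:DeleteObject", :object]],
  "purge: delete variants/" => [["s3:ListBucket", :bucket], ["s3:DeleteObject", :object]]
}.freeze

# IAM-style wildcard match: "*" is any run of characters, "?" is one character.
def iam_match?(pattern, value, ignore_case: false)
  body = Regexp.escape(pattern).gsub('\*', ".*").gsub('\?', ".")
  Regexp.new("\\A#{body}\\z", ignore_case ? Regexp::IGNORECASE : 0).match?(value)
end

# Simplified evaluation: an explicit Deny wins, otherwise at least one Allow is needed.
def allowed?(statements, action, resource)
  hits = statements.select do |s|
    Array(s["Action"]).any? { |a| iam_match?(a, action, ignore_case: true) } &&
      Array(s["Resource"]).any? { |r| iam_match?(r, resource) }
  end
  hits.none? { |s| s["Effect"] == "Deny" } && hits.any? { |s| s["Effect"] == "Allow" }
end

# Returns { operation => ["action on arn", ...] }; the default key is a constructed sample.
def missing_permissions(policy_json, bucket, key = "variants/sample-key/x")
  statements = [JSON.parse(policy_json)["Statement"]].flatten.compact
  arns = { bucket: "arn:aws:s3:::#{bucket}", object: "arn:aws:s3:::#{bucket}/#{key}" }
  REQUIRED.each_with_object({}) do |(operation, needs), report|
    gaps = needs.reject { |action, kind| allowed?(statements, action, arns[kind]) }
    report[operation] = gaps.map { |action, kind| "#{action} on #{arns[kind]}" } if gaps.any?
  end
end

# The policy from the question's EDIT, and a constructed variant that grants
# s3:ListBucket only on objects (my-bucket/*), which never matches the bucket ARN.
FIXED = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
  "Action":["s3:PutObject","s3:GetObject","s3:ListBucket","s3:DeleteObject"],
  "Resource":["arn:aws:s3:::my-bucket/*","arn:aws:s3:::my-bucket"]}]}'
OBJECTS_ONLY = FIXED.sub(',"arn:aws:s3:::my-bucket"', "")

if $PROGRAM_NAME == __FILE__
  puts "fixed policy gaps: #{missing_permissions(FIXED, 'my-bucket')}"
  puts "objects-only gaps: #{missing_permissions(OBJECTS_ONLY, 'my-bucket')}"
end
```

An empty result means every listed operation is covered by the policy as written; it does not account for bucket policies, permission boundaries or other policy layers.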