I'm trying to write a Ruby script that uploads a file to AWS and makes the file publicly available. I've done the following:
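    require 'aws-sdk-s3' # on SDK v2 this was: require 'aws-sdk'

    # KEY, SECRET and filename are defined elsewhere in the script
    s3 = Aws::S3::Resource.new(
      credentials: Aws::Credentials.new(KEY, SECRET),
      region: 'us-west-2'
    )
    obj = s3.bucket('stg-db').object('key')
    obj.upload_file(filename)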
This seems to work fine, except that the file isn't publicly available, and I can't get a public URL for it. But when I log into S3, I can see my file just fine.
To make it publicly available, I changed the last line to
    obj.upload_file(filename, acl: 'public-read')
But I'm getting an access denied error when I do this. Is there some permission setting I am missing on my S3 bucket that is causing problems, or am I calling this incorrectly somehow?
After spending more time than I would like to admit playing around with S3 bucket policies, I figured out how to make it work.
I highly recommend these three AWS resources:
I created a policy that allows a particular user to have Object Upload, Object ACL, and Object Delete permissions for my bucket. Here's the JSON:
    {
      "Version": "2012-10-17",
      "Id": "Policy1441134540846",
      "Statement": [
        {
          "Sid": "Stmt1441134537688",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::MY_USER_ID:user/[email protected]"
          },
          "Action": [
            "s3:DeleteObject",
            "s3:PutObjectAcl",
            "s3:PutObject"
          ],
          "Resource": "arn:aws:s3:::MY_BUCKET/*"
        }
      ]
    }
A few tips:
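Added example, not part of the original question or answer: an offline Ruby check of why `acl: 'public-read'` is denied when the bucket policy grants `s3:PutObject` but not `s3:PutObjectAcl`. The sample policy, account ID, user ARN and helper names are constructed for illustration, and the evaluation is deliberately simplified (Allow statements only).

```ruby
require 'json'

# Constructed sample: the answer's policy minus s3:PutObjectAcl; IDs and names are placeholders.
SAMPLE_USER = 'arn:aws:iam::111122223333:user/uploader'
SAMPLE_POLICY = <<~JSON
  {
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::111122223333:user/uploader" },
      "Action": ["s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::MY_BUCKET/*"
    }]
  }
JSON

# IAM-style wildcard match: '*' matches any run of characters, '?' one character.
def wildcard_match?(pattern, value, fold_case: false)
  source = Regexp.escape(pattern).gsub('\*', '.*').gsub('\?', '.')
  Regexp.new("\\A#{source}\\z", fold_case ? Regexp::IGNORECASE : 0).match?(value)
end

# S3 actions an upload needs: a canned ACL on the request also requires s3:PutObjectAcl.
def required_actions(upload_opts)
  upload_opts.key?(:acl) ? %w[s3:PutObject s3:PutObjectAcl] : %w[s3:PutObject]
end

# Simplified: Allow statements only; ignores Deny, Condition, NotAction and IAM user policies.
def allowed?(policy, principal, action, resource)
  Array(policy['Statement']).any? do |stmt|
    next false unless stmt['Effect'] == 'Allow'
    who = stmt['Principal']
    who = who['AWS'] if who.is_a?(Hash)
    Array(who).any? { |p| p == '*' || p == principal } &&
      Array(stmt['Action']).any? { |a| wildcard_match?(a, action, fold_case: true) } &&
      Array(stmt['Resource']).any? { |r| wildcard_match?(r, resource) }
  end
end

# Actions the upload would need that the bucket policy does not grant.
def missing_actions(policy_json, principal, bucket, key, upload_opts = {})
  policy = JSON.parse(policy_json)
  resource = "arn:aws:s3:::#{bucket}/#{key}"
  required_actions(upload_opts).reject { |a| allowed?(policy, principal, a, resource) }
end

if __FILE__ == $PROGRAM_NAME
  p missing_actions(SAMPLE_POLICY, SAMPLE_USER, 'MY_BUCKET', 'key', acl: 'public-read')
end
```

Block Public Access settings or disabled ACLs (Object Ownership set to bucket owner enforced) can still reject a `public-read` upload even when the policy grants both actions.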