自从默认切换到 public 后,为什么我通过 Carrierwave 使用 Fog 上传 S3 失败?
Why do my S3 uploads with Fog via Carrierwave fail since switching to public by default?
我尝试配置 CarrierWave,以便 S3 上传 public。
所以我更改了原来的配置设置:
config.fog_credentials = {
:provider => 'AWS',
:aws_access_key_id => ENV['AWS_ACCESS_KEY_ID'],
:aws_secret_access_key => ENV['AWS_SECRET_ACCESS_KEY'],
:region => 'eu-west-1'
}
config.fog_directory = 'com-blabla-bloblo'
config.fog_public = false
config.fog_attributes = {'Cache-Control'=>'max-age=315576000'}
刚刚设置:
config.fog_public = true
自此更改后,我无法再上传图片并出现以下错误:
2015-07-21T12:41:39.868983+00:00 app[web.1]: Excon::Errors::Forbidden (Expected(200) <=> Actual(403 Forbidden)
2015-07-21T12:41:39.868984+00:00 app[web.1]: excon.error.response
2015-07-21T12:41:39.868986+00:00 app[web.1]: :body => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>XXX</RequestId><HostId>YYY</HostId></Error>"
2015-07-21T12:41:39.868987+00:00 app[web.1]: :headers => {
2015-07-21T12:41:39.868988+00:00 app[web.1]: "Connection" => "close"
2015-07-21T12:41:39.868989+00:00 app[web.1]: "Content-Type" => "application/xml"
2015-07-21T12:41:39.868991+00:00 app[web.1]: "Date" => "Tue, 21 Jul 2015 12:41:38 GMT"
2015-07-21T12:41:39.868992+00:00 app[web.1]: "Server" => "AmazonS3"
2015-07-21T12:41:39.868993+00:00 app[web.1]: "x-amz-id-2" => "ZZZ"
2015-07-21T12:41:39.868994+00:00 app[web.1]: "x-amz-request-id" => "ZZZ"
2015-07-21T12:41:39.868995+00:00 app[web.1]: }
2015-07-21T12:41:39.868997+00:00 app[web.1]: :local_address => "aaa.bbb.ccc.ddd"
2015-07-21T12:41:39.868998+00:00 app[web.1]: :local_port => 41659
2015-07-21T12:41:39.868999+00:00 app[web.1]: :reason_phrase => "Forbidden"
2015-07-21T12:41:39.869000+00:00 app[web.1]: :remote_ip => "aaa.bbb.ccc.ddd"
2015-07-21T12:41:39.869001+00:00 app[web.1]: :status => 403
2015-07-21T12:41:39.869002+00:00 app[web.1]: ):
2015-07-21T12:41:39.869004+00:00 app[web.1]: app/controllers/image_uploads_controller.rb:25:in `create'
我怀疑这与我的 AWS 用户的 IAM 配置文件有关:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::com-foo-bar"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::com-foo-bar/*"]
}
]
}
应用程序主机是 Heroku。
知道如何解决这个问题吗?
这项政策似乎解决了问题:
{
"Statement": [
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::com-foo-bar",
"arn:aws:s3:::com-foo-bar/*"
],
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*",
"Condition": {}
}
]
}
我尝试配置 CarrierWave,以便 S3 上传 public。
所以我更改了原来的配置设置:
config.fog_credentials = {
:provider => 'AWS',
:aws_access_key_id => ENV['AWS_ACCESS_KEY_ID'],
:aws_secret_access_key => ENV['AWS_SECRET_ACCESS_KEY'],
:region => 'eu-west-1'
}
config.fog_directory = 'com-blabla-bloblo'
config.fog_public = false
config.fog_attributes = {'Cache-Control'=>'max-age=315576000'}
刚刚设置:
config.fog_public = true
自此更改后,我无法再上传图片并出现以下错误:
2015-07-21T12:41:39.868983+00:00 app[web.1]: Excon::Errors::Forbidden (Expected(200) <=> Actual(403 Forbidden)
2015-07-21T12:41:39.868984+00:00 app[web.1]: excon.error.response
2015-07-21T12:41:39.868986+00:00 app[web.1]: :body => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>XXX</RequestId><HostId>YYY</HostId></Error>"
2015-07-21T12:41:39.868987+00:00 app[web.1]: :headers => {
2015-07-21T12:41:39.868988+00:00 app[web.1]: "Connection" => "close"
2015-07-21T12:41:39.868989+00:00 app[web.1]: "Content-Type" => "application/xml"
2015-07-21T12:41:39.868991+00:00 app[web.1]: "Date" => "Tue, 21 Jul 2015 12:41:38 GMT"
2015-07-21T12:41:39.868992+00:00 app[web.1]: "Server" => "AmazonS3"
2015-07-21T12:41:39.868993+00:00 app[web.1]: "x-amz-id-2" => "ZZZ"
2015-07-21T12:41:39.868994+00:00 app[web.1]: "x-amz-request-id" => "ZZZ"
2015-07-21T12:41:39.868995+00:00 app[web.1]: }
2015-07-21T12:41:39.868997+00:00 app[web.1]: :local_address => "aaa.bbb.ccc.ddd"
2015-07-21T12:41:39.868998+00:00 app[web.1]: :local_port => 41659
2015-07-21T12:41:39.868999+00:00 app[web.1]: :reason_phrase => "Forbidden"
2015-07-21T12:41:39.869000+00:00 app[web.1]: :remote_ip => "aaa.bbb.ccc.ddd"
2015-07-21T12:41:39.869001+00:00 app[web.1]: :status => 403
2015-07-21T12:41:39.869002+00:00 app[web.1]: ):
2015-07-21T12:41:39.869004+00:00 app[web.1]: app/controllers/image_uploads_controller.rb:25:in `create'
我怀疑这与我的 AWS 用户的 IAM 配置文件有关:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::com-foo-bar"]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": ["arn:aws:s3:::com-foo-bar/*"]
}
]
}
应用程序主机是 Heroku。
知道如何解决这个问题吗?
这项政策似乎解决了问题:
{
"Statement": [
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::com-foo-bar",
"arn:aws:s3:::com-foo-bar/*"
],
"Condition": {}
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*",
"Condition": {}
}
]
}