YAmazon S3 does not like dots in bucket names.

  • at

    at

    Just another code monkey

    More posts by at.

    at

at

1 min read
{
 "Statement": [{
  "Effect": "Allow",
  "Action": ["s3:AbortMultipartUpload", "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", "s3:PutObject", "s3:PutObjectAcl"],
  "Resource": ["arn:aws:s3:::images_mysite_com/*"]
 }]
}

After a few good hours of getting “AWS::S3::Errors::AccessDenied” we finally figured out the minimum rights policy for S3 that works with CarrierWave (see above)!

One more thing to notice is that Amazon S3 does not like dots in bucket names. And the reason is that their SSL certificate is only valid for *.s3

Welcome to The infinite monkey theorem

Somewhere a monkey just typed Shakespeare in TypeScript. Be the first to read the masterpieces (and the hilarious misfires) landing on the blog.

The infinite monkey theorem © 2026 | The infinite monkey theorem - monkeys do not lie | rev 0aefca

Subscribe to The infinite monkey theorem

We fling fresh posts—no banana peels attached—straight to your inbox.