ror

Minimum rights policy for S3 that works with CarrierWave

YAmazon S3 does not like dots in bucket names.

{
	"Statement": [{
		"Effect": "Allow",
		"Action": ["s3:AbortMultipartUpload", "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", "s3:PutObject", "s3:PutObjectAcl"],
		"Resource": ["arn:aws:s3:::images_mysite_com/*"]
	}]
}

After a few good hours of getting “AWS::S3::Errors::AccessDenied” we finally figured out the minimum rights policy for S3 that works with CarrierWave (see above)!

One more thing to notice is that Amazon S3 does not like dots in bucket names. And the reason is that their SSL certificate is only valid for *.s3

Subscribe to The infinite monkey theorem

Get the latest posts delivered right to your inbox