Subscribe to The infinite monkey theorem

Stay up to date! Get all the latest & greatest posts delivered straight to your inbox

ror,  s3,  carrier-wave

Minimum rights policy for S3 that works with CarrierWave

YAmazon S3 does not like dots in bucket names.

  • at

    at

    Just another code monkey

    More posts by at.

    at

at

1 min read
Minimum rights policy for S3 that works with CarrierWave
{
	"Statement": [{
		"Effect": "Allow",
		"Action": ["s3:AbortMultipartUpload", "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", "s3:PutObject", "s3:PutObjectAcl"],
		"Resource": ["arn:aws:s3:::images_mysite_com/*"]
	}]
}

After a few good hours of getting “AWS::S3::Errors::AccessDenied” we finally figured out the minimum rights policy for S3 that works with CarrierWave (see above)!

One more thing to notice is that Amazon S3 does not like dots in bucket names. And the reason is that their SSL certificate is only valid for *.s3

Subscribe to The infinite monkey theorem

Get the latest posts delivered right to your inbox

The infinite monkey theorem © 2024 | The infinite monkey theorem - monkeys do not lie