CarrierWave Fog Credentials, Access Denied
B

3

6

I am trying to use CarrierWave with Amazon S3. When I try to upload a file, through a rake task, I get this error:

rake aborted!
Expected(200) <=> Actual(403 Forbidden)

My CarrierWave initializer looks like this:

CarrierWave.configure do |config|
  config.fog_credentials = {
    provider: 'AWS',
    aws_access_key_id: MY_AWS_ACCESS_KEY_ID,
    aws_secret_access_key: MY_AWS_SECRET_ACCESS_KEY
  }
  config.fog_directory = MY_BUCKET
  config.fog_public = true
end

I do have real, hard-coded key/secret/bucket values set while I'm debugging this.

The rake task looks like this, and is successful when I have the CarrierWave uploader set to upload locally with storage: file:

Photo.create({
  image: File.new('lib/dummy_files/image.jpg')
})

Any help is much appreciated. Thanks!

Brezin answered 30/7, 2013 at 2:44 Comment(0)
B
11

I realized this has to do with the new AWS Identity and Access Management (IAM). I had created a new IAM user, but I hadn't given that user the correct privileges. In the past, there was only one user, and that user had admin privileges. Now you have to create a user, give that user the correct privileges, and use that user's credentials. I hope this helps someone.

Brezin answered 31/7, 2013 at 1:36 Comment(3)
Yeah, when you introduce IAM it does make things more complicated (especially compared to the admin-everything default credentials). Glad you were able to figure this out. - Yowl
I had the same problem and looked everywhere for a solution! Thanks for sharing - Uranalysis
Thanks very much for this. I've been struggling with this for a while, and this comment saved me. - Isagoge
H
11

This answer helped me too ... specifically, it's under IAM > Users > Permissions > Attach User Policy

When you first create a user it gets no 'user policies' under 'permissions.' Once I attached a user policy things worked.

Hindustani answered 11/4, 2014 at 14:14 Comment(2)
You a true bro! Helping out and saving the day. - Muniment
I know this is old but your answer rescued me after hours of fighting permission errors. To provide even more detail for future lost souls... the policy that fixed it for me was called "AmazonS3FullAccess". Thanks! - Unreel
O
1

CarrierWave with S3 will for sure try & update the ACL of the object. If this permission is blocked from AWS S3 Bucket settings (Block all public access), CarrierWave will abort mentioning Access Denied without much information on the error. This would happen even when we try with root-user creds with CarrierWave.

So turn off the first 2 access settings to allow CarrierWave to update the ACL.

PS: Please ensure the objects are private unless intended to be public.

[Image: Bucket Settings: Block public access]

Overelaborate answered 10/5, 2021 at 18:33 Comment(0)
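
A narrower alternative to the "AmazonS3FullAccess" managed policy mentioned in the comments, as an added example that is not part of the original posts: an IAM user policy limited to a single bucket. EXAMPLE-BUCKET-NAME is a placeholder, the Sid values are illustrative, and the action list is an assumption about what a CarrierWave uploader needs (upload, set the object ACL, read, delete, list); s3:PutObjectAcl is needed when the upload request sets an ACL, which is the behaviour the last answer describes.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UploaderObjectAccess",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*"
    },
    {
      "Sid": "UploaderListBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME"
    }
  ]
}
```

Attached to the IAM user whose keys are in the CarrierWave initializer, this confines those keys to one bucket instead of every S3 action on every bucket in the account.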
