Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access denied on image upload #166

Open
simon-asp opened this issue Jan 29, 2019 · 8 comments
Open

Access denied on image upload #166

simon-asp opened this issue Jan 29, 2019 · 8 comments

Comments

@simon-asp
Copy link

Hey! I read all the old issues on the AWS issues, but I can't get it to work.

  • I have double checked all config vars in heroku.
  • Created a new IAM user in AWS and gave it this policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt13242300",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/*"
            ]
        }
    ]
}

I used us-east-1 as mentioned here.

What could be wrong?
@topherolson
Copy link

@simon-asp I ran into the same issue. I was able to fix this by editing my public access list controls for the bucket in AWS.

Manage public access control lists (ACLs)
Block new public ACLs and uploading public objects (Recommended): False
Remove public access granted through public ACLs (Recommended): False

I have to admit, I'm not entirely sure what the security vulnerabilities this creates. If you have any info on this I'd love to hear about it.

@simon-asp
Copy link
Author

@topherolson Thanks! that didn't work for me.

Can you show me what you did otherwise?

@topherolson
Copy link

I did the standard install. So I would just make sure your Config Vars in Heroku are set properly, i.e. proper naming convention for your Bucket region.

@calebl
Copy link

calebl commented Nov 16, 2019

I'm running into this same issue. @simon-asp were you able to resolve? I have checked my credentials using the aws cli tool and I'm able to upload from there.

@paulmelnikow
Copy link

I ran into the Access Denied issue, and later a different issue where the image would successfully i upload but then couldn’t be displayed correctly. Eventually I was able to get the uploads working, though only by unsetting S3_ASSET_HOST_URL.

Have you checked whether you can create publicly readable assets from the CLI?

@cacabo
Copy link

cacabo commented Jun 17, 2020

Followed all of the above and can upload a resource via the CLI with the keys I provided—not sure why this isn't working and would appreciate any help!

@cacabo
Copy link

cacabo commented Jun 17, 2020

Ah actually updating the bucket policy per this repo seems to have done the trick!

@wsun
Copy link

wsun commented Feb 18, 2021

I had this "Access denied" issue too after blocking public access to my S3 bucket (I use Cloudfront to access images) - realized that the S3 adapter this project uses defaults to a public ACL when adding new images, so specifying a private ACL resolved this issue for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@wsun @topherolson @calebl @paulmelnikow @simon-asp @cacabo