Permission settings when uploading files to Amazon S3 using fog in Rails


Introduction

Section 13.4.4 of the Ruby on Rails Tutorial has you upload files to Amazon S3 using fog. To upload files to Amazon S3, you need to set permissions between the IAM user and the S3 bucket, but if you simply google it, you will mostly land on sites that explain how to configure Amazon S3 Full Access in IAM.

Of course, since it is a tutorial, that is enough to check that things work, and it may be sufficient for a first use of AWS. Assuming production operation, however, you do not want to set FullAccess in IAM blindly. If possible, I would like to limit access to the bucket and set only the permissions that are sufficient.

How to set inline policies

By setting the following two inline policies in IAM, fog was able to upload, download, and delete files. By the way, it took me quite a while because I had not set the ACL permissions ... fog probably sets the permissions of the object after uploading.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "****",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket"
            ]
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "****",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket/*"
            ]
        }
    ]
}
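
As an added example (not part of the original post), this Ruby script checks that an IAM policy keeps every S3 grant inside one bucket, and runs it over the two policies above plus a constructed over-broad policy. The names `lint_s3_policy` and `SCOPE` are invented here, and the scope table covers only the actions that appear on this page.

```ruby
require "json"

# Scope each action is expected to have. Covers only the actions on this page;
# the grouping is this example's assumption, taken from the AWS S3 action list.
SCOPE = {
  "s3:GetObject" => :object, "s3:GetObjectAcl" => :object, "s3:PutObject" => :object,
  "s3:PutObjectAcl" => :object, "s3:DeleteObject" => :object,
  "s3:GetBucketLocation" => :bucket,
  "s3:ListAllMyBuckets" => :account # no bucket resource type; AWS documents Resource "*"
}.freeze

# Returns a list of findings; an empty list means every Allow stays inside `bucket`.
def lint_s3_policy(policy_json, bucket)
  arn = "arn:aws:s3:::#{bucket}"
  statements = [JSON.parse(policy_json)["Statement"]].flatten.compact
  statements.select { |s| s["Effect"] == "Allow" }.flat_map do |s|
    actions   = [s["Action"]].flatten.compact
    resources = [s["Resource"]].flatten.compact
    actions.product(resources).filter_map do |action, res|
      next "#{action}: wildcard action" if action.include?("*")
      ok = case SCOPE[action]
           when :object  then res.start_with?("#{arn}/")
           when :bucket  then res == arn
           when :account then res == "*"
           end
      next "#{action}: not classified by this example" if ok.nil?
      "#{action} on #{res}: resource does not fit the action's scope" unless ok
    end
  end.uniq
end

# The page's two inline policies (Sid omitted) and a constructed over-broad one.
BUCKET_POLICY = <<~JSON
  {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
    "Resource": ["arn:aws:s3:::my-bucket"]}]}
JSON
OBJECT_POLICY = <<~JSON
  {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::my-bucket/*"]}]}
JSON
BROAD_POLICY = '{"Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}' # constructed

if __FILE__ == $PROGRAM_NAME
  { "bucket" => BUCKET_POLICY, "object" => OBJECT_POLICY, "broad" => BROAD_POLICY }.each do |name, json|
    puts "#{name}: #{lint_s3_policy(json, 'my-bucket').inspect}"
  end
end
```

The object-level policy passes cleanly. The bucket-level policy gets one finding because `s3:ListAllMyBuckets` cannot be scoped to a single bucket ARN, so that action can be dropped if the application never lists buckets.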
Updated on November 02, 2017