# config/initializers/carrier_wave.rb
CarrierWave.configure do |config|
storage =
case Rails.env
when 'staging', 'production'
:fog
else
:file
end
config.storage = storage
config.fog_credentials = {
provider: 'AWS',
aws_access_key_id: ENV['AWS_ACCESS_KEY_ID'],
aws_secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'],
region: ENV['AWS_REGION']
}
config.fog_directory = ENV['AWS_BUCKET_NAME']
if Rails.env.test?
config.enable_processing = false
config.root = -> { Rails.public_path.join('tmp') }
config.base_path = '/tmp'
end
end
bucket permissions:
- Block public access to buckets and objects granted through new public bucket or access point policies: On
- Block public and cross-account access to buckets and objects through any public bucket or access point policies: On
IAM User:
{
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket" ],
"Resource": [ "arn:aws:s3:::BUCKETNAME" ]
},
{
"Effect": "Allow",
"Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl"],
"Resource": [ "arn:aws:s3:::BUCKETNAME/*" ]
}
]
}