Skip to content

Instantly share code, notes, and snippets.

@bazzel

bazzel/CarrierWave and S3.md

Last active May 23, 2020 10:48
Show Gist options
  • Save bazzel/b1278cf42cdf708825b121e79efa7916 to your computer and use it in GitHub Desktop.
Save bazzel/b1278cf42cdf708825b121e79efa7916 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CarrierWave and S3.md 
# config/initializers/carrier_wave.rb
CarrierWave.configure do |config|
  storage =
    case Rails.env
    when 'staging', 'production'
      :fog
    else
      :file
    end

  config.storage = storage

  config.fog_credentials = {
    provider: 'AWS',
    aws_access_key_id: ENV['AWS_ACCESS_KEY_ID'],
    aws_secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'],
    region: ENV['AWS_REGION']
  }

  config.fog_directory = ENV['AWS_BUCKET_NAME']

  if Rails.env.test?
    config.enable_processing = false
    config.root = -> { Rails.public_path.join('tmp') }
    config.base_path = '/tmp'
  end
end

bucket permissions:

  • Block public access to buckets and objects granted through new public bucket or access point policies: On
  • Block public and cross-account access to buckets and objects through any public bucket or access point policies: On

IAM User:

{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:ListBucket" ],
            "Resource": [ "arn:aws:s3:::BUCKETNAME" ]
        },
        {
            "Effect": "Allow",
            "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:PutObjectAcl"],
            "Resource": [ "arn:aws:s3:::BUCKETNAME/*" ]
        }
    ]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment