Use the right account to do this - avoid using same account as amazon.com
First, create your bucket, choose UE (Paris) as a region. There is no property nor permission to define at this step.
We're using the same bucket for all environments, we'll use the environment name in the store_dir (but only for non-production)
Then in AWS console, go to IAM
- create a user choosing "Programmatic access"
- in set permission, choose "attach existing policies directly"
- click on "create policy" then go on "json" tab
- copy an paste - but replace ##bucket_name## with your bucket name
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::##bucket_name##"
]
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::##bucket_name##/*"
]
}
]
}Add gem "fog-aws" to Gemfile
Create config/initializers/carrierwave.rb
CarrierWave.configure do |config|
config.fog_provider = 'fog/aws' # required
config.fog_credentials = {
provider: 'AWS', # required
aws_access_key_id: ENV["AWS_ACCESS_KEY"], # required
aws_secret_access_key: ENV["AWS_SECRET_KEY"], # required
region: ENV["S3_REGION"] # optional, defaults to 'us-east-1'
}
config.fog_directory = ENV["AWS_BUCKET"] # required
config.fog_public = true # optional, defaults to true
config.fog_attributes = { cache_control: "public, max-age=#{365.day.to_i}" } # optional, defaults to {}
end
In .rbenv-vars, add:
AWS_ACCESS_KEY=fill_in
AWS_SECRET_KEY=fill_in
AWS_BUCKET=bucket_name_here
S3_REGION=eu-west-3