This page walks through how to create AWS IAM Custom Policies, Groups, and Users and S3 Buckets. Then how to update those environmental variable in Heroku.
- Access IAM policies
- Create a policy
- Select to view JSON editor
- Enter this code:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::production.coyote",
"arn:aws:s3:::production.coyote/*"
]
}
]
}
- Name: production.coyote / staging.coyote
- Description: This group is allowed full access to the production.coyote S3 bucket only.
- Access IAM Groups
- Create New Group
- Name: production.coyote
- Apply production.coyote policy to new group
- Add Users
- User name: production.coyote / staging.coyote
- Access Type: Programmatic access
- Add user to group: production.coyote / staging.coyote
- Download the access key .csv so you can update the env variables on Heroku
- From your terminal, run
heroku config --app stagingcoyote(and the same forlivecoyote) to see what environmental variables need updating - You will see that you need to update the following environmental variables with new keys:
S3_ACCESS_KEY:S3_BUCKET:S3_SECRET_KEY:
- Update the variables with the following commands (do for
stagingandproduction:heroku config:set S3_ACCESS_KEY=theaccesskey --remote stagingheroku config:set S3_BUCKET=thebucketname --remote stagingheroku config:set S3_SECRET_KEY=thesecretkey --remote staging
- Double check by running
configagain to see that everything has updated properly
- Test staging by logging in, uploading a photo, then check the corresponding S3 bucket in AWS to ensure the file appears.