AWS S3 AccessDenied. Bucket permissions are granted, so do I need Bucket Policy when I am the user?

3
votes

When I test an upload of an image to my S3 bucket I get an AWS::S3::AccessDenied (using Ruby on Rails). The code is using my own security key and secret code to my own bucket, on which I have all permission granted to myself (List,Upload/Delete,View Permissions,Edit Permission).

Do I also need to set ACL permission by entering a Bucket Policy? I don't understand why this would be necessary because my code uses my own account key to access S3. Also, the images are displaying fine on my site so there seems to be no problem with read permissions.

1
amazon-s3

1 Answers

5
votes

You don't need any policies at all set on the bucket, and should remove them, at least to get things running. Don't need any ACLs set either.

The AWS ID + secret for an account holder can access everything in a bucket without any ACL or policy set.

Once you get it working you might want to use amazon IAM to create a 'user' with lower amounts of access than the full account holder, and use that user's credentials in your ruby code to handle uploads.

I see that you want the uploaded images to have public read, to do this you need a policy or ACL, but that should not interfere with uploading. You can open up some read only access later.

Also try those AWS key and secret in a tool like Cyberduck, etc to see if its your ruby code or the IDs.