I am using Rails 5.2 and I am trying to set up Active Storage with Amazon S3. My application has full access to S3 and I am able to attach an avatar image to a user. But when I try to delete the avatar, I run into the following issues:
> user.avatar.attached? # true
> user.avatar.purge
S3 Storage (697.9ms) Deleted file from key: Ns1KBRzdgxLNnY31sH72vT5t
S3 Storage (227.0ms) Deleted files by key prefix: variants/Ns1KBRzdgxLNnY31sH72vT5t/
Aws::S3::Errors::AccessDenied: Access Denied
Then when I inspect the bucket, the file was actually deleted, but looking in the database, both the Blob and the Attachment records are still present.
Any ideas why this is happening?
EDIT: I made some updates in my IAM permissions following the advice from the accepted answer. These are the items that I updated:
In the end my policy JSON looked like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket/*",
        "arn:aws:s3:::my-bucket"
      ]
    }
  ]
}
The S3 account you use for Active Storage must have the s3:DeleteObject permission for the entire bucket. (As specified in the Active Storage guide, it must also have the s3:ListBucket, s3:PutObject, and s3:GetObject permissions.)
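A static check for the four permissions named in the answer above, as an added example that is not part of the original question or answer. The names `REQUIRED`, `statement_covers?`, `missing_active_storage_actions` and `WEAK_POLICY` are hypothetical, the matching is deliberately simplified (literal action names and ARNs only), and `WEAK_POLICY` is a constructed sample showing a missing delete permission plus s3:ListBucket granted only on object ARNs, where it has no effect.

```ruby
require "json"

# Actions the answer lists for Active Storage, with the S3 resource type each
# one is evaluated against: s3:ListBucket applies to the bucket ARN, the
# object actions apply to object ARNs (bucket/*).
REQUIRED = {
  "s3:ListBucket"   => :bucket,
  "s3:PutObject"    => :object,
  "s3:GetObject"    => :object,
  "s3:DeleteObject" => :object
}.freeze

# Simplified matcher (assumption): literal action names plus "s3:*" / "*",
# and literal ARNs plus "*". Conditions, NotAction and partial wildcards
# are not evaluated.
def statement_covers?(stmt, action, arn)
  (Array(stmt["Action"]) & [action, "s3:*", "*"]).any? &&
    (Array(stmt["Resource"]) & [arn, "*"]).any?
end

# Returns the required actions the policy does not grant on `bucket`.
# An explicit Deny that covers an action counts as not granted.
def missing_active_storage_actions(policy_json, bucket)
  arns = { bucket: "arn:aws:s3:::#{bucket}", object: "arn:aws:s3:::#{bucket}/*" }
  statements = JSON.parse(policy_json)["Statement"]
  statements = [statements] if statements.is_a?(Hash)
  allow, deny = statements.partition { |s| s["Effect"] == "Allow" }
  REQUIRED.reject do |action, kind|
    allow.any? { |s| statement_covers?(s, action, arns[kind]) } &&
      deny.none? { |s| statement_covers?(s, action, arns[kind]) }
  end.keys
end

# The policy from the question's edit, condensed.
FIXED_POLICY = <<~JSON
  {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::my-bucket/*", "arn:aws:s3:::my-bucket"]}]}
JSON

# Constructed sample: no delete permission, ListBucket scoped to objects only.
WEAK_POLICY = <<~JSON
  {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
    "Resource": "arn:aws:s3:::my-bucket/*"}]}
JSON

puts missing_active_storage_actions(WEAK_POLICY, "my-bucket").inspect if __FILE__ == $PROGRAM_NAME
```

An empty result means all four actions are granted on the right resource type; it does not evaluate bucket policies, conditions or permission boundaries, which can still deny a request.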