Search code examples
ruby-on-railsamazon-s3rails-activestorage

Bad Request when retrieving image using ActiveStorage and Amazon S3

I'm getting a Bad Request 400 when attempting to GET an image from S3. I suspect it might be an ACL issue but I'm at a loss as I'm able to succcessfully upload to S3 and I see the image file in the AWS Console.

index.html.erb

<%= image_tag url_for(post.photo) %>

That generates this link

http://localhost:3000/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBDQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--aeb32f210c13064270e52b720f34901fda2bd5a6/Kevin.jpg

Which causes the GET 400 Bad Request

https://myapplication.s3.us-east-2.amazonaws.com/jEtGANzYnkc8FAZyV9pFWRtG?response-content-disposition=inline%3B%20filename%3D%22Kevin.jpg%22%3B%20filename%2A%3DUTF-8%27%27Kevin.jpg&response-content-type=image%2Fjpeg

Logs show this

Started GET "/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBDQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--aeb32f210c13064270e52b720f34901fda2bd5a6/Kevin.jpg"

Processing by ActiveStorage::BlobsController#show as JPEG

Parameters: {"signed_id"=>"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBDQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--aeb32f210c13064270e52b720f34901fda2bd5a6", "filename"=>"Kevin"}

ActiveStorage::Blob Load (2.5ms)  SELECT  "active_storage_blobs".* FROM "active_storage_blobs" WHERE "active_storage_blobs"."id" = $1 LIMIT $2  [["id", 3], ["LIMIT", 1]]

S3 Storage (1.5ms) Generated URL for file at key: jEtGANzYnkc8FAZyV9pFWRtG (https://myapplication.s3.amazonaws.com/jEtGANzYnkc8FAZyV9pFWRtG)

Redirected to https://myapplication.s3.amazonaws.com/jEtGANzYnkc8FAZyV9pFWRtG

Completed 302 Found in 10ms (ActiveRecord: 2.9ms)

post.rb

class Post < ApplicationRecord
  belongs_to :user
  has_one_attached :photo
end

storage.yml with region of us-east-1

amazon:
  service: S3
  access_key_id: <%= Rails.application.credentials.aws[:access_key_id] %>
  secret_access_key: <%= Rails.application.credentials.aws[:secret_access_key] %>
  region: <%= Rails.application.credentials.aws[:region] %>
  bucket: <%= Rails.application.credentials.aws[:bucket] %>

environments/development.rb

config.active_storage.service = :amazon

posts_controller.rb

 def create
  @post = current_user.posts.build(post_params)

  if @post.save
    flash[:notice] = 'Post has been saved!'
  else
    flash[:alert] = 'Unable to save'
  end

  redirect_to posts_path
 end


 private

 def post_params
   params.require(:post).permit(:content, :photo)
 end
Solution

  • The problem was I needed a Bucket Policy. Something similar to this.

    {
"Version": "2012-10-17",
"Id": "Policy1548358022010",
"Statement": [
    {
        "Sid": "Stmt1548358017405",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::number:user/name_of_a_user"
        },
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::name_of_my_bucket"
    }
  ]
}