Skip to content
This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

Paperclip with Amazon S3 Without Credentials And Match Bug

Gaurav Sobti edited this page Nov 20, 2018 · 1 revision

You can use Paperclip for saving files to Amazon S3.

see also "https://devcenter.heroku.com/articles/paperclip-s3":https://devcenter.heroku.com/articles/paperclip-s3

"http://rubydoc.info/gems/paperclip/Paperclip/Storage/S3":http://rubydoc.info/gems/paperclip/Paperclip/Storage/S3

Use gems "aws-sdk-s3" and "paperclip"

In development.rb:

  config.paperclip_defaults = {
    :storage => :s3,
    :s3_host_name => 'REMOVE_THIS_LINE_IF_UNNECESSARY',
    :s3_credentials => {
      :access_key_id => AWS_ACCESS_KEY_ID,
      :secret_access_key => AWS_SECRET_ACCESS_KEY,
      :s3_region => "YOUR_S3_REGION_HERE"
    },
    :bucket => 'S3_BUCKET_NAME'
  }

In production.rb:

  config.paperclip_defaults = {
    :storage => :s3,
    :preserve_files => true,
    :s3_host_name => 'REMOVE_THIS_LINE_IF_UNNECESSARY',
    :s3_credentials => {
      :access_key_id => AWS_ACCESS_KEY_ID,
      :secret_access_key => AWS_SECRET_ACCESS_KEY,
      :s3_region => "YOUR_S3_REGION_HERE"
    },
    :bucket => 'S3_BUCKET_NAME'
  }

Note: @:preserve_files@ is strongly recommended in production configurations to avoid file loss as described in "issue 1929":https://github.com/thoughtbot/paperclip/issues/1929 .

In aws.yml (automatically loaded by aws-sdk):

development:
  access_key_id: AWS_ACCESS_KEY_ID
  secret_access_key: AWS_SECRET_KEY_ID

production:
  access_key_id: AWS_ACCESS_KEY_ID
  secret_access_key: AWS_SECRET_KEY_ID

You may need to state the s3 host_name if other than US standard: "http://www.rubydoc.info/gems/paperclip/Paperclip/Storage/S3#s3_host_name-instance_method":http://www.rubydoc.info/gems/paperclip/Paperclip/Storage/S3#s3_host_name-instance_method

h2. AWS Permissions

The access key and secret can be obtained from AWS when you create an IAM user. You will need to add a policy to the bucket as well, so the user has appropriate permissions. Here is a template you can use:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
      "AWS": "(user-ARN)"
    },
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::(bucket-name)/*"
    }
  ]
}

The users ARN can be obtained from the IAM console.