Skip to content
This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

Unable to upload file on s3 using dockerised ECS container #2662

Open
venkydmadgundi opened this issue Jul 24, 2020 · 0 comments
Open

Unable to upload file on s3 using dockerised ECS container #2662

venkydmadgundi opened this issue Jul 24, 2020 · 0 comments

Comments

@venkydmadgundi
Copy link

My rails application deployed on Amazon ECS with dockerisation. When we are uploading file through rails console inside ECS docker shell then it is able to upload the file on s3 bucket, and we are able to upload files in s3 by aws-cli inside ECS docker shell, but when we are uploading file through the application using paperclip it was throwing s3 access denied error. We are using AWS service and given role-based access to the ECS container. We tried a couple of ways to solve the issue, but we are not able to resolve it.

What could be the issue of the paperclip is not able to upload the file on s3 bucket in ESC docker?

Please let me know if you need more information about the application.

Here some more details:
ruby 2.2.10
paperclip 4.2.1

Dockerfile: FROM ruby:2.2-alpine AS builder

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "secretsmanager:DescribeSecret",
                "secretsmanager:ListSecretVersionIds",
                "secretsmanager:GetResourcePolicy",
                "secretsmanager:GetSecretValue"
            ],
            "Resource": [
                "arn:aws:secretsmanager:eu-west-1:AWSAccountId:secret:cloud/dev/others-jwO8yQ",
                "arn:aws:secretsmanager:eu-west-1:AWSAccountId:secret:cloud/dev/Postgres-G7wgTO",
                "arn:aws:secretsmanager:eu-west-1:AWSAccountId:secret:cloud/dev/others-jwO8yQ"
            ],
            "Effect": "Allow",
            "Sid": "AllowSecretsManager"
        },
        {
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::Bucket1",
                "arn:aws:s3:::Bucket2",
                "arn:aws:s3:::Bucket1/*",
                "arn:aws:s3:::Bucket2/*"
            ],
            "Effect": "Allow",
            "Sid": "AllowS3ReadWriteAccess"
        }
    ]
}```

Here is the logs:
_[AWS S3 403 0.089788 0 retries] put_object(:acl=>"public-read",:bucket_name=>"bucket",:cache_control=>"max-age=86400",:content_length=>87020,:content_type=>"image/jpeg",:data=>Paperclip::UploadedFileAdapter: 7b5b5330-112b-11ea-a77f-7c019be7ecae.jpg,:key=>"document/82aa61m2m3n4n5n6n6n7ec48c50458582dbbb/7bjewr-112b-11ea-a77f-89345ef.jpg") AWS::S3::Errors::Access Denied - Access Denied_
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@venkydmadgundi