I'm trying to upload images to S3 using Carrierwave (1.0.0 on Rails 4.2). I get 403 Access Denied. However, when I do a manual PUT request using curl, it works just fine. I have confirmed that Rails is reading my secrets correctly. All of this implies to me that Excon is somehow not sending my credentials.
What can I do?
Working curl command:
$ file=airplane.jpg
$ bucket=mybucket
$ resource="/${bucket}/${file}"
$ contentType="image/jpeg"
$ dateValue=`date -R`
$ stringToSign="PUT\n\n${contentType}\n${dateValue}\n${resource}"
$ s3Key=redacted:)
$ s3Secret=redacted:)
$ signature=`echo -en ${stringToSign} | openssl sha1 -hmac ${s3Secret} -binary | base64`
$ curl -X PUT -T "${file}" \
> -H "Host: ${bucket}.s3.amazonaws.com" \
> -H "Date: ${dateValue}" \
> -H "Content-Type: ${contentType}" \
> -H "Authorization: AWS ${s3Key}:${signature}" \
> https://${bucket}.s3.amazonaws.com/${file}
Carrierwave config:
config.fog_credentials = {
provider: 'AWS',
aws_access_key_id: secrets[:aws_access_key_id],
aws_secret_access_key: secrets[:aws_secret_access_key],
region: 'eu-west-1',
host: 's3-eu-west-1.amazonaws.com'
}
config.fog_provider = 'fog/aws'
config.storage :fog
config.fog_directory = 'mybucket'
config.fog_public = true
config.fog_attributes = { 'Cache-Control' => 'max-age=315576000' }
EDIT: An update - I don't know what I changed, but suddenly I get the following error when using the curl command:
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message></Error>
This was ultimately down to S3 being misconfigured. I no longer remember the exact details.