最近,我开始使用Michael Hartl的Ruby on Rails教程学习Rails。我已经完成了本教程,但是未能为用户的微博配置将图像上传到s3。
我已经配置了carrier_wave.rb文件,在aws中创建了一个IAM用户和一个s3存储桶,并将策略附加到IAM用户以访问我的存储桶。似乎没什么用,我总是得到
"Excon::Error::Forbidden (Expected(200) <=> Actual(403 Forbidden)
2019-04-19T04:52:31.446436+00:00 app[web.1]: excon.error.response"
尝试在生产环境中上传图像时出错
Heroku日志-(我已将日志中的heroku应用和s3存储桶名称替换为我的heroku应用s3存储桶名称
[fog][WARNING] fog: followed redirect to <s3 bucker name>.amazonaws.com, connecting to the matching region will be more performant
2019-04-19T04:52:31.444385+00:00 heroku[router]: at=info method=POST path="/microposts" host=<my heroku app> request_id=e5749cd5-ba34-40fe-bfc7-86c7ce5e6a6a fwd="103.217.242.189" dyno=web.1 connect=1ms service=11246ms status=500 bytes=1891 protocol=https
2019-04-19T04:52:31.445127+00:00 app[web.1]: D, [2019-04-19T04:52:31.445032 #12] DEBUG -- : [e5749cd5-ba34-40fe-bfc7-86c7ce5e6a6a] (1.2ms) ROLLBACK
2019-04-19T04:52:31.445581+00:00 app[web.1]: I, [2019-04-19T04:52:31.445526 #12] INFO -- : [e5749cd5-ba34-40fe-bfc7-86c7ce5e6a6a] Completed 500 Internal Server Error in 890ms (ActiveRecord: 37.4ms)
2019-04-19T04:52:31.446356+00:00 app[web.1]: F, [2019-04-19T04:52:31.446303 #12] FATAL -- : [e5749cd5-ba34-40fe-bfc7-86c7ce5e6a6a]
2019-04-19T04:52:31.446434+00:00 app[web.1]: F, [2019-04-19T04:52:31.446363 #12] FATAL -- : [e5749cd5-ba34-40fe-bfc7-86c7ce5e6a6a] Excon::Error::Forbidden (Expected(200) <=> Actual(403 Forbidden)
2019-04-19T04:52:31.446436+00:00 app[web.1]: excon.error.response
2019-04-19T04:52:31.446447+00:00 app[web.1]: :body => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
后面是我的aws访问密钥和许多数字(StringToSignBytes) 然后...
2019-04-19T04:52:31.446448+00:00 app[web.1]: :cookies => [
2019-04-19T04:52:31.446450+00:00 app[web.1]: ]
2019-04-19T04:52:31.446451+00:00 app[web.1]: :headers => {
2019-04-19T04:52:31.446453+00:00 app[web.1]: "Connection" => "close"
2019-04-19T04:52:31.446454+00:00 app[web.1]: "Content-Type" => "application/xml"
2019-04-19T04:52:31.446455+00:00 app[web.1]: "Date" => "Fri, 19 Apr 2019 04:52:31 GMT"
2019-04-19T04:52:31.446456+00:00 app[web.1]: "Server" => "AmazonS3"
2019-04-19T04:52:31.446458+00:00 app[web.1]: "x-amz-id-2" => "G/1U7/WV0h0AAXFPT19ncBYBI7NzwvOKTSMAXyC8DcW7+xTTPfkGALbc+6yRP2MqlUa2x7KMyZc="
2019-04-19T04:52:31.446459+00:00 app[web.1]: "x-amz-request-id" => "B98BDE6CED402707"
2019-04-19T04:52:31.446460+00:00 app[web.1]: }
2019-04-19T04:52:31.446461+00:00 app[web.1]: :host => "<s3 bucket name>.s3.us-east-2.amazonaws.com"
2019-04-19T04:52:31.446463+00:00 app[web.1]: :local_address => "172.18.241.110"
2019-04-19T04:52:31.446464+00:00 app[web.1]: :local_port => 42310
2019-04-19T04:52:31.446465+00:00 app[web.1]: :path => "/uploads/micropost/picture/16/IMG_20190307_111228.jpg"
2019-04-19T04:52:31.446466+00:00 app[web.1]: :port => 443
2019-04-19T04:52:31.446467+00:00 app[web.1]: :reason_phrase => "Forbidden"
2019-04-19T04:52:31.446468+00:00 app[web.1]: :remote_ip => "52.219.104.8"
2019-04-19T04:52:31.446469+00:00 app[web.1]: :status => 403
2019-04-19T04:52:31.446471+00:00 app[web.1]: :status_line => "HTTP/1.1 403 Forbidden\r\n"
2019-04-19T04:52:31.446472+00:00 app[web.1]: ):
2019-04-19T04:52:31.446475+00:00 app[web.1]: F, [2019-04-19T04:52:31.446437 #12] FATAL -- : [e5749cd5-ba34-40fe-bfc7-86c7ce5e6a6a]
2019-04-19T04:52:31.446512+00:00 app[web.1]: F, [2019-04-19T04:52:31.446476 #12] FATAL -- : [e5749cd5-ba34-40fe-bfc7-86c7ce5e6a6a] app/controllers/microposts_controller.rb:11:in `create'
s3 IAM用户策略
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::<my s3 bucket>*",
"arn:aws:s3:::<my s3 bucket>/*"
]
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
}
]
}
carrier-wave.rb
if Rails.env.production?
CarrierWave.configure do |config|
config.fog_credentials = {
# Configuration for Amazon S3
:provider => 'AWS',
:aws_access_key_id => ENV['S3_ACCESS_KEY'],
:aws_secret_access_key => ENV['S3_SECRET_KEY'],
}
config.fog_directory = ENV['S3_BUCKET']
end
end
我已经使用...设置了访问密钥,秘密密钥和存储桶。
$ heroku config:set S3_ACCESS_KEY= <access key>
$ heroku config:set S3_SECRET_KEY= <secret key>
$ heroku config:set S3_BUCKET= <bucket name>
我的宝石文件
source 'https://rubygems.org' # Get all ruby gems here
gem 'rails', '5.1.6'
gem 'bcrypt', '3.1.12'
gem 'faker', '1.7.3'
gem 'carrierwave', '1.2.2'
gem 'mini_magick', '4.7.0'
gem 'will_paginate', '3.1.6'
gem 'bootstrap-will_paginate', '1.0.0'
gem 'puma', '3.9.1'
gem 'sass-rails', '5.0.6'
gem 'uglifier', '3.2.0'
gem 'coffee-rails', '4.2.2'
gem 'jquery-rails', '4.3.1'
gem 'turbolinks', '5.0.1'
gem 'jbuilder', '2.7.0'
gem 'bootstrap-sass', '3.3.7'
group :development, :test do
gem 'sqlite3', '1.3.13'
gem 'byebug', '9.0.6', platform: :mri
end
group :development do
gem 'web-console', '3.5.1'
gem 'listen', '3.1.5'
gem 'spring', '2.0.2'
gem 'spring-watcher-listen', '2.0.1'
end
group :test do
gem 'rails-controller-testing', '1.0.2'
gem 'minitest', '5.10.3'
gem 'minitest-reporters', '1.1.14'
gem 'guard', '2.14.1'
gem 'guard-minitest', '2.4.6'
end
group :production do
gem 'pg', '0.20.0'
gem 'fog', '1.42'
end
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
我已经尝试过更改s3存储桶区域,我的存储桶位于默认区域,并且已经在heroku中验证了我的配置变量,正确设置了S3_ACCESS_KEY,S3_SECRET_KEY和S3_BUCKET,并且S3_REGION = us-east-2。 / p>
这是我第一次与aws合作,如果有人可以帮助我解决这个问题,那就太好了。
答案 0 :(得分:0)
我仍然没有解决该问题的明确方法。我不得不面对两个问题...
“ us-east-1”区域错误;期待'us-east-2',我通过添加以下行
修复了该错误:region => ENV['S3_REGION']
然后在我的carrier_wave.rb文件中。
heroku config:set S3_REGION=<bucket region>
我还创建了一个新的存储区,新的IAM用户,并向该用户授予了AdministratorAccess权限
AccessDenied
在heroku日志中,我什至不知道为什么即使在为存储桶设置了所有正确的策略并向IAM用户添加完全访问权限后仍被拒绝访问,最后,我可以通过进入s3存储桶->权限->公共访问设置->编辑->然后取消选中选项...
我知道这可以使公众访问我的存储桶,但是目前,我只有这个选项才能使它正常工作(这是一个业余项目,因此对我来说公共访问无关紧要)。
但是,如果有人提出更好的解决方案,请告诉我...