DEV Community

Discussion on: Setting Up Proper Amazon S3 Permissions for ActiveStorage

Collapse
janko profile image
Janko Marohnić

Note that the s3:ListBucket permission still needs to be on the bucket resource, i.e. arn:aws:s3:::NAME_OF_YOUR_BUCKET_GOES_HERE. This permission allows you to list objects in the bucket, which is needed for ActiveStorage's #delete_prefixed.

Thread Thread
kylekeesling profile image
Kyle Keesling Author • Edited on

Ahh - that must be what was causing my validation warning in the editor! How does this look?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME_GOES_HERE/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::BUCKET_NAME_GOES_HERE"
        }
    ]
}