S3 Bucket Policy

37 views
Skip to first unread message

David Merrick

unread,
Feb 11, 2019, 4:42:40 AM2/11/19
to Ruby on Rails: Talk
Why I am getting this Error This policy contains invalid Json?

{
  "Version":"2019-02-11",
  "Id":"http referer policy example",
  "Statement":[
    {
      "Sid":"Allow get requests originating from www.example.com and example.com.",
      "Effect":"Allow",
      "Principal":"*",
      "Action":["s3:PutObject","s3:GetObject"],
      "Resource":"arn:aws:s3:::pininterest/*",
      "Condition":{
        "StringLike":{"aws:Referer":[https://young-fortress-50796.herokuapp.com/*"]}
      }
    }
  ]
}

Daniel Dunckel

unread,
Feb 11, 2019, 4:52:46 AM2/11/19
to rubyonra...@googlegroups.com
I see your URL is missing a double quote at the beginning. 

Try using jsonlint.com

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/eea4c749-44ee-4dfc-9bd4-4d04c5a46018%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

David Merrick

unread,
Feb 11, 2019, 4:58:03 AM2/11/19
to Ruby on Rails: Talk
Thanks


For more options, visit https://groups.google.com/d/optout.


--
Dave Merrick

Daves Web Designs

Website http://www.daveswebdesigns.co.nz

Email merri...@gmail.com

Ph   03 216 2053

Cell 027 3089 169

David Merrick

unread,
Feb 11, 2019, 5:00:32 AM2/11/19
to Ruby on Rails: Talk
Fixed but now getting Access Denied Error

{
  "Version":"2012-10-17",
  "Id":"266865133225",
  "Statement":[
    {
      "Sid":"1",
      "Effect":"Allow",
      "Principal":"*",
      "Action":["s3:PutObject","s3:GetObject"],
      "Resource":"arn:aws:s3:::pininterest/*",
      "Condition":{
        "StringLike":{"aws:Referer":["https://young-fortress-50796.herokuapp.com/*"]}
      }
    }
  ]
}
On Mon, Feb 11, 2019 at 5:52 PM Daniel Dunckel <dandun...@gmail.com> wrote:

For more options, visit https://groups.google.com/d/optout.

Daniel Dunckel

unread,
Feb 11, 2019, 5:27:27 AM2/11/19
to rubyonra...@googlegroups.com
This policy must be applied to a user, group, or IAM role (and maybe other options).

Also, are you sure that your application is only using the granted actions? It's not trying to list buckets, list objects or other?

Check the IAM documentation. It's really thorough and should help you spot what's missing

Reply all
Reply to author
Forward
0 new messages