S3 Bucket Policy

[David Merrick]

Why I am getting this Error This policy contains invalid Json?

{

  "Version":"2019-02-11",

  "Id":"http referer policy example",

  "Statement":[

    {

      "Sid":"Allow get requests originating from www.example.com and example.com.",

      "Effect":"Allow",

      "Principal":"*",

      "Action":["s3:PutObject","s3:GetObject"],

      "Resource":"arn:aws:s3:::pininterest/*",

      "Condition":{

        "StringLike":{"aws:Referer":[https://young-fortress-50796.herokuapp.com/*"]}

      }

    }

  ]

}

[Daniel Dunckel]

I see your URL is missing a double quote at the beginning. 

Try using jsonlint.com

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/eea4c749-44ee-4dfc-9bd4-4d04c5a46018%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[David Merrick]

Thanks

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CANt%2BEVHc6DC_pbeFt6BZx_B_kYXhXuJBCsB3qox0wR3%2BQqVZsA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Dave Merrick

Daves Web Designs

Website http://www.daveswebdesigns.co.nz

Email merri...@gmail.com

Ph   03 216 2053

Cell 027 3089 169

[David Merrick]

Fixed but now getting Access Denied Error

{

  "Version":"2012-10-17",

  "Id":"266865133225",

  "Statement":[

    {

      "Sid":"1",

      "Effect":"Allow",

      "Principal":"*",

      "Action":["s3:PutObject","s3:GetObject"],

      "Resource":"arn:aws:s3:::pininterest/*",

      "Condition":{

        "StringLike":{"aws:Referer":["https://young-fortress-50796.herokuapp.com/*"]}

      }

    }

  ]

}

On Mon, Feb 11, 2019 at 5:52 PM Daniel Dunckel <dandun...@gmail.com> wrote:

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CANt%2BEVHc6DC_pbeFt6BZx_B_kYXhXuJBCsB3qox0wR3%2BQqVZsA%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

[Daniel Dunckel]

This policy must be applied to a user, group, or IAM role (and maybe other options).

Also, are you sure that your application is only using the granted actions? It's not trying to list buckets, list objects or other?

Check the IAM documentation. It's really thorough and should help you spot what's missing

To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CA%2B%3DMcKYmerKL0aFWuRNbsQvyNMjSdLS%2BwWetFsB1V3ubnOKbAA%40mail.gmail.com.