Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

S3 connection timeout with IAM #22

Open
jamesrbrindle opened this issue Dec 30, 2015 · 3 comments
Open

S3 connection timeout with IAM #22

jamesrbrindle opened this issue Dec 30, 2015 · 3 comments

Comments

@jamesrbrindle
Copy link

Everything works perfectly when using file storage, am trying to upload to an S3 bucket but getting the following error:

[fog][WARNING] Unable to fetch credentials: connect timeout reached
[fog][WARNING] Unable to fetch credentials: connect timeout reached
[fog][WARNING] Unable to fetch credentials: connect timeout reached
   (0.2ms)  ROLLBACK
Completed 500 Internal Server Error in 181906ms

Excon::Errors::Forbidden (Expected(200) <=> Actual(403 Forbidden)
excon.error.response
  :body          => "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CCEECDDC7942972B</RequestId><HostId>IIZYUhoTtGeD1HFN50/IB3cgo9O29c5zw/UcA3WbpkNbO9bU2Wk1NrQWaa8lZnS/J+zUlLbb8WQ=</HostId></Error>"
  :headers       => {
    "Content-Type"     => "application/xml"
    "Date"             => "Wed, 30 Dec 2015 14:49:09 GMT"
    "Server"           => "AmazonS3"
    "x-amz-id-2"       => "IIZYUhoTtGeD1HFN50/IB3cgo9O29c5zw/UcA3WbpkNbO9bU2Wk1NrQWaa8lZnS/J+zUlLbb8WQ="
    "x-amz-request-id" => "CCEECDDC7942972B"
  }
  :local_address => "XX.XX.XX.XX"
  :local_port    => 60431
  :reason_phrase => "Forbidden"
  :remote_ip     => "XX.XX.XX.XX"
  :status        => 403
  :status_line   => "HTTP/1.1 403 Forbidden\r\n"
):

dragonfly.rb configured as follows:

require 'dragonfly'
require 'dragonfly/s3_data_store'

# Configure
Dragonfly.app.configure do
  plugin :imagemagick

  secret "-- desensitised --"

  url_format "/media/:job/:name"

#  datastore :file,
#    root_path: Rails.root.join('public/system/dragonfly', Rails.env),
#    server_root: Rails.root.join('public')
  datastore :s3,
    bucket_name: AWS_S3_BUCKET,
    access_key_id: AWS_ACCESS_KEY_ID,
    secret_access_key: AWS_SECRET_ACCESS_KEY,
    region: 'eu-west-1',
    use_iam_profile: true,
    url_scheme: 'https',
    fog_storage_options: {
        :provider => "AWS",
        :aws_access_key_id => AWS_ACCESS_KEY_ID,
        :aws_secret_access_key => AWS_SECRET_ACCESS_KEY
    }

end

This might be more concerned with Fog than dragonfly but any chance you can help with a little diagnosis.

The AWS_ACCESS_KEY_ID and SECRET work fine with the aws-sdk gem and I can manually put files no problem.

I was thinking about doing a fork for aws-sdk but it seems pointless to duplicate what Fog is supposed to do if its fog's issue.

Thanks.

@siegfried
Copy link

Changing your policy as this gist did will help.

@bodrovis
Copy link

bodrovis commented Jun 9, 2016

I was experiencing the same issue with IAM. Removing use_iam_profile and setting the correct region (I was using eu-central) solved the problem.

@hellvinz
Copy link

you can't use both use_iam_profile and access keys as documented on the readme:
:use_iam_profile # boolean - if true, no need for access_key_id or secret_access_key

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants