Unable to upload files - Access denied

Question

Unable to upload files - Access denied

DrBeak1 opened this issue 4 years ago · comments

My setup:

const api = new ParseServer({
    ...
    filesAdapter: {
        module: "@parse/s3-files-adapter",
        options: {
            bucket: process.env.S3_BUCKET,
            region: process.env.S3_REGION,
            generateKey: null
        }
    }
})

Using heroku env:

S3_BUCKET=<redacted>
S3_REGION=<redacted>
S3_ACCESS_KEY=<redacted>
S3_SECRET_KEY=<redacted>

My policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        }
    ]
}

I'm seeing Passing AWS credentials to this adapter is now DEPRECATED at server start, though I thought it was OK to use the heroku config vars?
I keep getting access denied when trying to upload. I followed all the steps here to configure my bucket and access policy.

Parse error: Access Denied {"code":130,"stack":"Error: Access Denied\n    at createHandler (<path-to-parse>/parse-server/lib/Routers/FilesRouter.js:202:12)\n    at processTicksAndRejections (internal/process/task_queues.js:97:5)"}

I've been combing through all the docs on this repo, through all the closed issues, and nothing seems to work. What am I missing here?

Diamond Lewis · Answer 1 · Sun Aug 23 2020 11:18:46 GMT+0800 (China Standard Time)

Where are your AWS Access and Secret keys? (Different from S3 keys)?

Tangeman · Answer 2 · Sun Aug 23 2020 11:28:08 GMT+0800 (China Standard Time)

@dplewis I assumed that's what went in the S3_* keys. The keys I am providing are access keys from a user I specifically created for this process.

The policy above, granting access to S3, is then attached to that user.

Where do I get the S3 keys from, if they are different from the Access Keys?
Thanks for your response : )

Tangeman · Answer 3 · Sun Aug 23 2020 12:40:06 GMT+0800 (China Standard Time)

Was the CORs that got me. Working now. Thanks again for your response :D

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
    <AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>```