Unable to upload files - Access denied
DrBeak1 opened this issue · comments
My setup:
const api = new ParseServer({
...
filesAdapter: {
module: "@parse/s3-files-adapter",
options: {
bucket: process.env.S3_BUCKET,
region: process.env.S3_REGION,
generateKey: null
}
}
})
Using heroku env:
S3_BUCKET=<redacted>
S3_REGION=<redacted>
S3_ACCESS_KEY=<redacted>
S3_SECRET_KEY=<redacted>
My policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::<bucket-name>/*"
}
]
}
-
I'm seeing
Passing AWS credentials to this adapter is now DEPRECATED
at server start, though I thought it was OK to use the heroku config vars? -
I keep getting access denied when trying to upload. I followed all the steps here to configure my bucket and access policy.
Parse error: Access Denied {"code":130,"stack":"Error: Access Denied\n at createHandler (<path-to-parse>/parse-server/lib/Routers/FilesRouter.js:202:12)\n at processTicksAndRejections (internal/process/task_queues.js:97:5)"}
I've been combing through all the docs on this repo, through all the closed issues, and nothing seems to work. What am I missing here?
Where are your AWS Access and Secret keys? (Different from S3 keys)?
@dplewis I assumed that's what went in the S3_*
keys. The keys I am providing are access keys from a user I specifically created for this process.
The policy above, granting access to S3, is then attached to that user.
Where do I get the S3 keys from, if they are different from the Access Keys?
Thanks for your response : )
Was the CORs that got me. Working now. Thanks again for your response :D
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>HEAD</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
<AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>```