I’m getting an issue with S3 setup, wherein backups are uploading just fine to the s3 bucket but image uploads give this error
Encountered an error while migrating /uploads/default/original/1X/ea17a258eff7a95045bda914c10bac5a2de02c62.png: Aws::S3::Errors::AccessDenied: Access Denied while running rake task uploads:migrate_to_s3
It’s inadvisable to use the same bucket for backups and images, there are known issues with the admin dashboard when you do this. I would strongly recommend setting up a separate bucket for your images.
The best that I can tell from this error is that it is a permissions issue!
I’d start diagnosing from AWS then follow it up with a thorough investigation in admin dashboard for ommission or mispelled bucket names. If none of that works, I’d also recommend upgrading to latest and doing a rebuild just in case it’s just some old code not playing nice.
yes. it is already clear from the log that it is at AWS, bucket is given with caution following std., so couldn’t be that and discourse is latest. something is not catching my eyes at AWS
Anyway, I’m working on preventing the dashboard from timing out by converting the storage stats into a proper report and I’ll add protection against bucket reusage too.
I see in the latest release notes that 2.2.0 BETA 7 has a new feature for backups which requires separate buckets for discourse.
Is there a topic or post that elaborates on this and what needs to be done for existing setups to ensure nothing breaks. Preferably a step by step guide on how to make changes to S3, what permissions, what to check, what to change on discourse etc.
This was more like a setup and forget it step so I don’t even recall what I had done to get it working, it’s just been working and I’m concerned that upgrading to BETA 7 will now break something.
I’m currently updating our various S3 related Howto topics so that they reflect the latest changes in Discourse and S3. I’ll notify you when that’s done.
Essentially you need to either use two different buckets or a prefix for the backup bucket. For example, the following combinations will work:
Appreciate it, it would nice if you can highlight any special instructions/steps for existing installation to migrate to this new structure. The obvious concern is to avoid breaking something / lose data while going through this process. Can you recommend if one should make the changes first and then upgrade or vice-versa?
I assume both s3_upload_bucket and s3_backup_bucket currently have the same value (name-of-your-bucket) without any prefix.
The easiest solution in your case would be option 3 from above. Update the s3_backup_bucket and append a folder name to the bucket (e.g. name-of-your-bucket/backups). You can use the S3 Console to move existing backups into the new folder.
I guess changing the bucket settings before the upgrade is a good idea, but I afterwards should be fine too.
Option 3 - That was easy to move the backups to a folder within the bucket. Here are the steps I followed:
I created a folder in the bucket
moved the backup files into it and then
changed the s3 backup bucket setting on discourse
did a manual backup to test that it’s working
Thanks!
A related question about the “uploads” since this is “live” v/s the backup which is accessed once a day.
I see just 2 folders Original and Optimized, nothing else - I’m guessing that how it supposed to be
Using option 2, moving these 2 folders to a new folder called upload in the bucket, what’s the risk of breaking something here by doing it on the fly? What’s the right way to do it. E.g. move the folders into upload and then modify Discourse s3 upload bucket setting or vice versa or some other way?
EDIT: Or put the site into read-only mode, then move the folders in the buckets and finally update the settings on discourse upload bucket name?
Switching to option 2 is definitely the hardest. You’d need to rebake all posts after moving the files and updating the site setting. Of course it’s up to you, but I wouldn’t change a thing. Option 3 is supported and works.