Upload objects to private S3 is not working

mahcr · March 2, 2021, 8:57am

After doing a big research, I’ve not found any guide to upload images to S3 with private ACL.

I’m experiencing a weird behavior where the backups work but not uploadimg of images.

I narrowed the issue down to a problem with ACL of the bucket (I proved that the problem is the ACL since I’m able to upload file using the sdk without specifing the ACL flag). In some cases the “block access to public” permission are set at account level and not bucket level so deactivating the checkbox in the bucket config won’t work.

I noticed that the S3 upload config code was updated, and now the ACL is set based on a param, is there away to pass that config down? discourse/s3_store.rb at tests-passed · discourse/discourse · GitHub

pfaffman · March 2, 2021, 11:38am

Secure Media Uploads describes how to limit uploads to logged in users. Perhaps that will help?

mahcr · March 2, 2021, 7:04pm

I tried that, images get uploaded but I get a 500 error in the dashboard with no clue, no logs

shawnngtq · December 26, 2021, 1:53am

@mahcr ,

I face the same issue. I can do backup but can’t upload image due to “The bucket does not allow ACLs”.

For IAM, I attached AmazonS3FullAccess policy, but still same error.

Do you have any solution?

seong · June 11, 2022, 11:22am

I’m having the same issue: backup works but upload doesn’t.

This guide is outdated:

This guide seems to be valuable for the CDN part, but is not the full solution:

Configure an S3 compatible object storage provider for uploads

For the record here is what I did:

Went to AWS console, under Network and Content Delivery picked Cloudfront

Clicked the Create distribution button

Filled out the fairly obvious form, the only thing you really need to do on it is to pick your AWS S3 bucket where the images are from the drop-down menu.

Waited a bit for the Cloudfront configuration to finish…

A <gibberish>.cloudfront.net domain showed up in the “Domain Name” column of the Cloudfront Distributions list.

I copied and pasted that domain into the s3 cdn url field in my site admin File settings.

I did some tests:
a. I made a new post with an image upload and indeed it was on cloudfront.
b. I hit Rebuild HTML on some random existing image posts and saw they also rebuilt with cloudfront.net images.

Since all looked good I went in and ran a rebake, which took several hours as I have around half a million posts now:
./launcher enter app
# rake posts:rebake
All seems to be working fine. It put a ton of jobs in the sidekiq queue, one per post it looks like, which are going to take a few days to clear but it is chunking though them now.

lisbethw1130 · June 14, 2022, 10:13am

I got the same issue, too. Backup upload works but image upload shows “The bucket does not allow ACLs”
And it fixed by modifying one permission in IAM and two settings in bucket

First I changed the guide about IAM permission from “s3:HeadBucket” to “s3:ListBucket” because Amazon said HeadBucket is not a valid permission

Then I follow the guide to exactly as same as in permission page in bucket

Then the most important part, enable ACLs, it’s called Edit Object Ownership in permission tab, with ACLs enabled and set to object writer, everything just fine now

Hope my experience can help you

Topic		Replies	Views
The bucket does not allow ACLs Support s3	5	2482	December 3, 2022
AWS S3 Object Ownership Installation s3	2	722	December 26, 2021
Image upload error: The bucket does not allow ACL's Support s3	5	1668	June 10, 2022
Migrating uploads to s3 does not work with private bucket Feature	10	1652	July 8, 2024
S3 image upload access denied while backups upload working fine Installation s3	22	2572	March 23, 2020

Upload objects to private S3 is not working

Related topics