SonataMediaBundle - S3 AWS: 'The configured bucket “my-bucket” does not exist'

落爺英雄遲暮 submitted on 2019-12-03 20:13:23

So, I ran into this issue too and spent about 3 hours fixing it.

TL;DR

I am pretty sure you used aws-sdk-php 3 so you have to switch your configuration to use this one:

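services:
    acme.aws_s3.client:
        class: Aws\S3\S3Client
        factory: [Aws\S3\S3Client, 'factory']
        arguments:
            -
                version: latest
                # Parameters are quoted: a YAML scalar must not start with a bare '%'
                region: '%amazon_s3.region%'
                # aws-sdk-php 3 reads key/secret from under 'credentials'
                credentials:
                    key: '%amazon_s3.key%'
                    secret: '%amazon_s3.secret%'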

instead of this one:

services:
    acme.aws_s3.client:
        class: Aws\S3\S3Client
        factory: [Aws\S3\S3Client, 'factory']
        arguments:
            -
                # key/secret at the top level, not under 'credentials'
                key: '%amazon_s3.key%'
                secret: '%amazon_s3.secret%'
                region: '%amazon_s3.region%'

as described here. So you always connected to AWS without any credentials.

Configure knp_gaufrette in a correct way

1) Create an IAM user

Don't use your root access key and access secret to interact with Amazon S3. Create a new account with the access type "Programmatic access" to explicitly allow the interaction with a single bucket. I called my user s3-bucket-staging and Amazon gave it the id arn:aws:iam::REMOVED:user/s3-bucket-staging.

You don't have to add a group or attach any policies. Make sure you save the generated Access key ID and Secret access key since this is the only chance you have to do so.

2) Edit your bucket policy

So for a very basic bucket with global read but no list permission (so people can access single files but not the list of all files) you can then add the following policy:

{
    "Version": "2012-10-17",
    "Id": "Policy1489062408719",
    "Statement": [
        {
            "Sid": "AllowGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKET-NAME/*"
        },
        {
            "Sid": "AllowListBucket",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::REMOVED:user/s3-bucket-staging"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::BUCKET-NAME"
        },
        {
            "Sid": "AllowPutObject",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::REMOVED:user/s3-bucket-staging"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::BUCKET-NAME/*"
        }
    ]
}
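
An added example, not part of the original answer: a small Python check that a bucket policy keeps to the "global read, no list" design above, meaning the anonymous principal may hold only s3:GetObject on object ARNs. The function names and the sample input are constructed for illustration; BUCKET-NAME and the REMOVED account id are the page's own placeholders, and NotAction, NotPrincipal and Condition blocks are not evaluated.

```python
import json

# Actions an anonymous principal may hold under the "global read, no list" design.
PUBLIC_OK = {"s3:getobject"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return False

def audit(policy_json):
    """Return (Sid, problem) pairs for Allow statements open to everyone
    that grant more than s3:GetObject on objects."""
    findings = []
    for st in as_list(json.loads(policy_json)["Statement"]):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        sid = st.get("Sid", "<no Sid>")
        for action in as_list(st.get("Action", [])):
            # Action names are case-insensitive; wildcards such as s3:* are flagged too.
            if action.lower() not in PUBLIC_OK:
                findings.append((sid, f"anonymous principal allowed {action}"))
        for res in as_list(st.get("Resource", [])):
            if "/" not in res:  # bucket ARN rather than an object ARN
                findings.append((sid, f"anonymous access on bucket-level resource {res}"))
    return findings

USER = {"AWS": "arn:aws:iam::REMOVED:user/s3-bucket-staging"}  # placeholder ARN as on the page

def policy(list_principal):
    """Constructed input: the page's three statements with a variable ListBucket principal."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowGetObject", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::BUCKET-NAME/*"},
        {"Sid": "AllowListBucket", "Effect": "Allow", "Principal": list_principal,
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::BUCKET-NAME"},
        {"Sid": "AllowPutObject", "Effect": "Allow", "Principal": USER,
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::BUCKET-NAME/*"},
    ]})

if __name__ == "__main__":
    print(audit(policy(USER)))  # the page's policy
    print(audit(policy("*")))   # constructed variant: listing opened to everyone
```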
