[Rails Tutorial Chapter 13] Flow when using S3 for image upload in production environment (use .env so as not to publish AWS key)

Introduction

Rails Tutorial Chapter 13 introduces AWS S3 for image uploads in the production environment. However, as a beginner, I stumbled on two points before I finished the setup, so I will summarize them below as a memo.

The first is the flow of setting up S3 on AWS. The second is how to use a .env file so that AWS keys and the like are not published to GitHub.

By the way, even though I set GitHub to Public, I didn't use the .env file, so I exposed my AWS key ... I received many email warnings from AWS ... Had it not been for that email, it would have been scary ...

[Actual record] Access key leak, actions taken by attackers and countermeasures

I referred to the following Udemy course when setting up S3. It is highly recommended because it carefully explains topics other than S3 as well.

AWS: Amazon Web Services to practice from scratch. Learn the basics of infrastructure while moving your hands

1. Install gem

Install the aws-sdk-s3 gem and configure your production application to use cloud storage. Add the following line to the Gemfile:

gem 'aws-sdk-s3', '1.46.0', require: false

Then run:

$ bundle install

2. S3 settings

First, open the AWS Management Console and go to your S3 dashboard. Click "Create Bucket" in the upper right.

Enter the Bucket Name. Select Tokyo as the "Region". Ignore "Copy settings from existing bucket".

**Uncheck all "Block public access bucket settings".**

For the other settings, I will leave the defaults this time. Click Create Bucket.

If the S3 bucket has been created, you're done. By the way, the bucket name and region (ap-northeast-1) will be needed later, when they are copied into the settings.

3. IAM settings

Go to your IAM dashboard. Click Users, then click Add User.

Enter your Username and select Programmatic Access.

Select Attach Existing Policy Directly. Also, enter S3 in the search box and select "Amazon S3 Full Access" displayed in the policy name.

Leave Add Tag blank and click Next Step: Confirm.

Click Create User.

The success screen will be displayed, so download the .csv. I will use the access key ID and secret key displayed on this screen from now on, but since they are also written in the csv file, the screen can be closed by clicking Close.

4. Heroku variable settings

Go back to your terminal and configure Heroku. Fill in the "Access Key ID", "Secret Key", "Region", and "Bucket Name" created in (2) in the commands below, and execute them.

$ heroku config:set AWS_ACCESS_KEY=<access key>
$ heroku config:set AWS_SECRET_KEY=<secret key>
$ heroku config:set AWS_REGION=ap-northeast-1   # if you use another region, that region's name
$ heroku config:set AWS_BUCKET=<bucket name>

By the way, if you want to check if the input is correct, execute the following command.

$ heroku config

5. Create an env file

The secret key and the other values entered above need to be referenced in config/storage.yml, but if you write them there directly and push to GitHub, they will be published. It's okay if you keep the GitHub repository Private, but if there is a possibility that you will change it to Public, it is difficult to delete the commit history ... (I couldn't do it as a beginner). Therefore, use an env file and avoid writing the values directly. I referred to the following article.

How to install gem (dotenv-rails) and .env that can manage environment variables that can be used in Rails

First, install the following gem. It is listed in the top group of Gemfile so that it can be used in all environments.

gem 'dotenv-rails'
$ bundle install

Write the following in config/storage.yml. **[Caution] Copy and paste it as it is! The actual key values are written in the env file.**

config/storage.yml

amazon:
  service: S3
  access_key_id:     <%= ENV['AWS_ACCESS_KEY'] %>
  secret_access_key: <%= ENV['AWS_SECRET_KEY'] %>
  region:            <%= ENV['AWS_REGION'] %>
  bucket:            <%= ENV['AWS_BUCKET'] %>

Create a .env file at the top level of the application (the same location as the Gemfile) and write the actual key values in it. The variable names must match the ENV[...] names that config/storage.yml reads.

.env

AWS_ACCESS_KEY=<Your access key>
AWS_SECRET_KEY=<Your secret key>
# If you use another region, write that region's name
AWS_REGION=ap-northeast-1
AWS_BUCKET=<Your bucket name>

Then add .env to the .gitignore file (a hidden file that may not normally be visible).

.gitignore



.env
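
A check for this step, added here as an example (not code from the original article): it lists the ENV names that config/storage.yml reads and compares them with the names defined in .env, so a mismatched name is caught before Active Storage is handed empty credentials. The function names are hypothetical, the .env parser is a simplified stand-in for the dotenv gem's parser, and the .env content is constructed.

```ruby
# Names referenced as ENV['NAME'], ENV["NAME"] or ENV.fetch('NAME') inside ERB tags.
def referenced_env_keys(yaml_erb)
  yaml_erb.scan(/<%=?.*?%>/m).flat_map do |tag|
    tag.scan(/ENV(?:\.fetch\(|\[)\s*['"]([A-Za-z_][A-Za-z0-9_]*)['"]/).flatten
  end.uniq
end

# Simplified .env parser: KEY=value lines, optional "export", optional quotes.
# Comment lines and anything else that is not an assignment are ignored.
def parse_dotenv(text)
  text.each_line.with_object({}) do |line, vars|
    m = line.match(/\A\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*\z/)
    vars[m[1]] = m[2].gsub(/\A(['"])(.*)\1\z/, '\2') if m
  end
end

# missing: read by storage.yml but undefined or empty in .env.
# unused:  defined in .env but never read, which usually means a misnamed key.
def audit_env(yaml_erb, dotenv_text)
  wanted  = referenced_env_keys(yaml_erb)
  defined = parse_dotenv(dotenv_text)
  { missing: wanted.select { |k| defined[k].to_s.empty? },
    unused:  defined.keys - wanted }
end

# storage.yml as shown on this page.
STORAGE_YML = <<~YAML
  amazon:
    service: S3
    access_key_id:     <%= ENV['AWS_ACCESS_KEY'] %>
    secret_access_key: <%= ENV['AWS_SECRET_KEY'] %>
    region:            <%= ENV['AWS_REGION'] %>
    bucket:            <%= ENV['AWS_BUCKET'] %>
YAML

# Constructed .env with placeholder values, one misnamed key and one empty value.
SAMPLE_DOTENV = <<~ENVFILE
  # constructed sample, placeholder values only
  AWS_ACCESS_KEY=placeholder-access-key-id
  AWS_SECRET_ACCESS_KEY = "placeholder-secret"
  export AWS_REGION=ap-northeast-1
  AWS_BUCKET=
ENVFILE

result = audit_env(STORAGE_YML, SAMPLE_DOTENV)
puts "missing: #{result[:missing].join(', ')}"
puts "unused:  #{result[:unused].join(', ')}"
```

In a real project, pass `File.read("config/storage.yml")` and `File.read(".env")` instead of the embedded samples.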

6. Edit config/environments/production.rb

Set the Active Storage service parameter as follows.

config/environments/production.rb



  # Save uploaded files to AWS
  config.active_storage.service = :amazon

Finally

Commit and deploy.

$ git add -A
$ git commit -m "Any message"
$ git push
$ heroku pg:reset DATABASE
$ heroku run rails db:migrate
$ heroku run rails db:seed

Make sure you can't see the .env file on GitHub.
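
One way to automate this last check before pushing, as an added example that is not part of the original article: scan the files that would be published for a tracked .env and for AWS-key-shaped strings. The function names are hypothetical, the caller is assumed to supply the file list (for example from `git ls-files`), and the sample tree is constructed using the example key pair from AWS's documentation.

```ruby
require "tmpdir"
require "fileutils"

# Access key IDs: a 4-letter prefix (AKIA for IAM user keys, ASIA for temporary
# ones) followed by 16 uppercase letters or digits.
ACCESS_KEY_ID = /(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])/
# Secret keys are 40 base64-style characters with no fixed prefix, so flag one
# only when it is assigned to a name containing "secret".
SECRET_VALUE = %r{secret\w*['"]?\s*[:=]\s*['"]?[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])}i

# paths: repo-relative files that would be published (for example the output
# of `git ls-files`). Returns [path, line_number, kind] triples; line 0 means
# the finding is about the file itself.
def audit_tracked_files(root, paths)
  paths.flat_map do |rel|
    findings = []
    findings << [rel, 0, :dotenv_tracked] if File.basename(rel) == ".env"
    File.foreach(File.join(root, rel)).with_index(1) do |line, n|
      next unless line.valid_encoding? # skip binary content
      findings << [rel, n, :access_key_id] if line.match?(ACCESS_KEY_ID)
      findings << [rel, n, :secret_key] if line.match?(SECRET_VALUE)
    end
    findings
  end
end

# Constructed sample tree. The key pair is the example pair from AWS's own
# documentation, not a live credential.
SAMPLE_FILES = {
  "config/storage.yml" => "access_key_id: <%= ENV['AWS_ACCESS_KEY'] %>\n" \
                          "secret_access_key: <%= ENV['AWS_SECRET_KEY'] %>\n",
  ".env" => "AWS_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE\n" \
            "AWS_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n",
}.freeze

# Writes the sample files to a temporary directory and audits them.
def audit_sample(files = SAMPLE_FILES)
  Dir.mktmpdir do |root|
    files.each do |rel, body|
      FileUtils.mkdir_p(File.dirname(File.join(root, rel)))
      File.write(File.join(root, rel), body)
    end
    audit_tracked_files(root, files.keys)
  end
end

audit_sample.each { |path, line, kind| puts "#{path}:#{line}: #{kind}" }
```

The ERB form of config/storage.yml produces no findings, while a .env in the file list is reported both as a tracked file and for the key material on its lines.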
