marcosdipaolo

Custom s3 filesystem diverging in permissions with AWS S3 SDK

I just started working on a project where they had implemented an S3 AWS SDK abstraction in order to create directories and move files around. I came up with the idea of starting to use a new disk; for the purposes of this thread, let's call it my-disk. So in the config/filesystems.php file I added the disk:

return [
    // ...
    'disks' => [
        // ...
        'my-disk' => [
            'driver'                  => 's3',
            'key'                     => env('AWS_ACCESS_KEY_ID'),
            'secret'                  => env('AWS_SECRET_ACCESS_KEY'),
            'region'                  => env('AWS_DEFAULT_REGION'),
            'bucket'                  => env('AWS_BUCKET_INTEGRATIONS'),
            'url'                     => env('AWS_URL'),
            'endpoint'                => env('AWS_ENDPOINT'),
            'use_path_style_endpoint' => env('AWS_USE_PATH_STYLE_ENDPOINT', false),
            'throw'                   => false,
        ],
    ],
];

But when I tried to use my disk, I realized it does not work for move operations (like Storage::disk('my-disk')->move('current/location','new/location')), only for get operations (like Storage::disk('my-disk')->get('current/location')). When trying to move files around, I'm getting:

"Error processing integration: Unable to write file at location: Error executing \"PutObject\" on \"....s3.amazonaws.com....."; AWS HTTP error: Client error: `PUT https://.......s3.amazonaws.com/.....` resulted in a `403 Forbidden` response:\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>User: AccessDenied (client): User is not authorized to perform: s3:PutObject on resource ..... because public access control lists (ACLs) are blocked by the BlockPublicAcls block public access setting. "

Then I went to the place where the original s3 abstraction (the one that works in all cases) was configured, and I found out it's using the same credentials my new disk is using.

$this->client = new \Aws\S3\S3Client(
    [
        'version'     => 'latest',
        'region'      => config('s3.region'), // env('AWS_DEFAULT_REGION')
        'credentials' => [
            'key'    => config('s3.credentials.key'), // env('AWS_ACCESS_KEY_ID')
            'secret' => config('s3.credentials.secret'), // env('AWS_SECRET_ACCESS_KEY')
        ],
    ]
);

So I was wondering what the difference between the 2 cases would be, such that I can only get with the Storage::disk implementation.

Thanks a lot.

0 likes
0 replies
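
The 403 quoted in the post says the PutObject was refused because it carried a public ACL while the bucket has BlockPublicAcls enabled. The following PHP 8 sketch is an added example, not part of the original post or the project's code: it checks a set of S3 write parameters for an ACL that S3 treats as public, and compares a raw `putObject` call with writes through an `s3` disk. The function names, the bucket name and the sample requests are constructed, and the visibility-to-ACL mapping assumes the driver's default visibility converter.

```php
<?php
// Added example; function names and sample requests below are constructed.

// Canned ACLs that grant to the AllUsers or AuthenticatedUsers groups.
const PUBLIC_CANNED_ACLS = ['public-read', 'public-read-write', 'authenticated-read'];
const PUBLIC_GROUPS = ['/groups/global/AllUsers', '/groups/global/AuthenticatedUsers'];

// Canned ACL derived from a Laravel/Flysystem visibility
// (assumption: the default visibility converter is in use).
function aclForVisibility(?string $visibility): string
{
    return $visibility === 'public' ? 'public-read' : 'private';
}

// True when PutObject/CopyObject parameters carry an ACL that S3 treats as
// public, which is what BlockPublicAcls rejects with 403 AccessDenied.
function carriesPublicAcl(array $params): bool
{
    if (in_array($params['ACL'] ?? null, PUBLIC_CANNED_ACLS, true)) {
        return true;
    }
    foreach (['GrantRead', 'GrantReadACP', 'GrantWriteACP', 'GrantFullControl'] as $key) {
        foreach (PUBLIC_GROUPS as $group) {
            if (str_contains($params[$key] ?? '', $group)) {
                return true;
            }
        }
    }
    return false;
}

// Constructed requests: what each code path would send for the same object.
$base = ['Bucket' => 'example-bucket', 'Key' => 'new/location'];
$requests = [
    'raw S3Client putObject, no ACL key' => $base,
    'disk write, default visibility'     => $base + ['ACL' => aclForVisibility(null)],
    'disk write, visibility "public"'    => $base + ['ACL' => aclForVisibility('public')],
];

foreach ($requests as $label => $params) {
    $verdict = carriesPublicAcl($params) ? 'rejected by BlockPublicAcls' : 'not blocked by BlockPublicAcls';
    printf("%-36s %s\n", $label, $verdict);
}
```

A request that passes this check can still be denied by IAM or bucket policy; the check only covers the public-ACL condition named in the error. In a running application the same function can be fed `$command->toArray()` from an `Aws\Middleware::tap` callback registered on the client's handler list, to find which call sends the ACL.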