S3 integration Upload Failing

I’ve successfully integrated an S3 bucket as the image storage for my Omeka Classic instance, 3.0.2 hosted on Reclaim.

My bucket is in region My region is us-east-1. I was able to set up an S3 FTP server and copy my existing images there; my site displays all the images just fine.

But when I test uploading an item, the file will not upload. I get this error:

Zend_Http_Client_Adapter_Exception: Error writing request to server in /home/gallery1/public_html/application/libraries/Zend/Http/Client/Adapter/Socket.php:303

When I test Batch Uploader (v.1.1.0) I get this error:

WOR2021.01.005.002.jpg (Error writing request to server)

I set up the permissions giving my user S3FullAccess as per this example:

What do I need to add to my bucket policy to allow uploads?

I haven’t personally used the S3FullAccess role but it would seem like it should give well, full access.

You’d want to make sure you’re using the same/correct credentials and so on in the Omeka config as you used successfully elsewhere, but I imagine you’ve checked that already.

S3 has some options to disallow “public” things in buckets… have you checked if you have those enabled maybe? Under “Permissions” when editing a bucket there’s a setting called " Block public access to buckets and objects granted through new access control lists (ACLs)" that could be a problem if it were enabled.

In the S3 bucket, I set up a bucket policy as per the Reclaim example that I linked to.

{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “AddPerm”,
“Effect”: “Allow”,
“Principal”: “*”,
“Action”: “s3:Object",
“Resource”: "arn:aws:s3:::icggallery/

}
]
}
(There are asterisks between s3:Object and after icggallery/)

So my Object Ownership shows up as:

Bucket owner enforced
ACLs are disabled. All objects in this bucket are owned by this account. Access to this bucket and its objects is specified using only policies.

Block All Public Access is Off

I’m wondering if I need to add more explicit permissions into mu bucket policy, but the documentation is exceedingly unclear to me.

Omeka Classic’s code for dealing with S3 is pretty old: you might need to change Object Ownership back to its default of “Object writer,” since Omeka does try to send an ACL when it pushes files to S3.

There are also more detailed settings under “Block All Public Access” and you can check those; the one I mentioned is one of them.

Success! Changing it back to Object Writer and re-enabling ACLs did that trick for both individual upload and Batch Uploader. Thanks!

At some point should I instead use one of the newer plugins for S3 integration?

The built-into-Omeka code will work fine, though you could move to one of the others that’s in a plugin if you want. Typically we see people use those if they need to support a “newer” region that requires newer code.

I’ll also look at adding an option to the built-in code to disable setting per-object ACLs to avoid this kind of problem cropping up in the future.

This topic was automatically closed 250 days after the last reply. New replies are no longer allowed.