Ruby on Rails Active Storage AWS, GCP, and Azure config
In this Ruby on Rails tutorial, we are going to configure Ruby on Rails Active Storage module to work with
- Google Cloud Platform,
- Amazon AWS S3 Buckets,
- Microsoft Azure Cloud.
Let us learn more about Ruby on Rails Active Storage setup...
What is Ruby on Rails Active Storage?
Ruby on Rails Active Storage is responsible for storing any files in the Ruby on Rails application and exposing them to Ruby on Rails application's Active Record objects.
Ruby on Rails Active Storage out of the box comes equipped with four different file storage options:
- a local disk-based service, useful for development and testing,
- Google Cloud Platform,
- Amazon AWS S3,
- Microsoft Azure Storage,
and on top of that, supports mirroring files between multiple storage destinations for sane migrations and backups.
Furthermore, Ruby on Rails Active Storage equips the application into the ability to perform various file transformations:
- cropping, resizing and doing everything available via ImageMagick library,
- file format conversion, for example changing JPG to PNG,
- generating images from PDF and other file formats,
- extracting metadata from arbitrary files.
Ruby on Rails Active Storage is the module to use whenever in need to do any kind of work on files.
If your Ruby on Rails application needs to store an avatar uploaded by a user in order to easier identify him in your web app, use Ruby on Rails Active Storage module.
 %>
test:
service: Disk
root: <%= Rails.root.join("tmp/storage") %>
The example Ruby on Rails Active Storage file defines two services, local and development.
Both of them save files to defined Ruby on Rails application directories, let's make sure they are created in your project root.
cd /path/to/rails/app
mkdir files
mkdir -p tmp/files
This should be optional unless your Ruby on Rails application was initialized
with the --skip-active-storage
configuration option.
The test service takes advantage of the temporary directory, that's usually ignored by git version control in the .gitignore file.
The disk service is the one that you'd probably want to use in the development and potentially in the production environment.
It would also go to the .gitignore file, yet you wouldn't want to lose it on production - anyway, make sure its there for the development process.
.gitignore
/storage/*
/tmp/*
Let's now take a look at the Ruby on Rails Active Storage environment configuration file - let it be the test one, as it will most likely look like in most of Ruby on Rails applications.
config/environment/test.rb
config.active_storage.service = :test
This simple configuration option accepts a symbol representing the service name previously defined in the Ruby on Rails Active Storage configuration file.
In our case, it tells Ruby on Rails Active Storage module to write to the temporary files directory while running the app in the test environment.
Configuration of other environments' Ruby on Rails Active Storage module is going to look like that:
config/environment/production.rb, config/environment/development.rb
config.active_storage.service = :local
And that's pretty much it.
Continue reading in order to learn how to use third-party cloud storage services with Ruby on Rails Active Storage module.
Ruby on Rails Active Storage Google Cloud Platform configuration
Google Cloud Platform Storage service connection is easily configurable with Ruby on Rails Active storage module.
Ruby on Rails Active Storage with Google Cloud Storage
The most difficult part of the process is not Ruby on Rails code-related - yet still worth automating with Ruby on Rails hix.dev template - but the whole setup on the Google Cloud Platform part.
Let's get through it.
GCP account setup and bucket creation
In order to use Google Cloud Storage with Ruby on Rails Active Storage module, we need to create an account first. Follow these steps in order to do that.
- On the official Google Cloud Storage website page, click Try it free. Try Google Cloud Storage for free
- You will be asked to log into your Google account. Do that, or create one if you don't have it.
- In the first step of Google Cloud account creation, confirm that Google guessed your country of origin correctly and accept the terms and conditions. Step 1 of Google Cloud Storage account creation
- In the second step, sell your soul to Google providing your address and credit card information. You might choose between an "Individual" and "Business" accounts here, too. Step 2 of Google Cloud Storage account creation
- Click "Start my free trial", and on the next page click the "Got it" button in the welcome popup. Welcome to Google Cloud Platform
You are now on your Google Cloud Platform dashboard dedicated to Storage management. By default, Google Cloud Platform creates an entity called "My First Project".
For the purposes of this guide, we are going to use it, but in your Ruby on Rails production projects, it's worth creating a project with a more meaningful name than that.
- Click the "Create bucket", and then close the popup window by clicking the "Got it" button. Click Create bucket button
- In the first step of the bucket creation, provide its name - if not sure, go through the bucket naming guidelines - and then click Continue. Keep your bucket name in mind in order to connect to it via Ruby on Rails Active Storage module. Name your bucket and click continue
- In the next step, select storage location best matching your Ruby on Rails application audience, then click "Continue". Adjust bucket location settings
- Depending on your need, select the storage data class - it defines how often your files are going to be accessed. Then, click "Continue". Select bucket storage data class
- In the access control step, it is best to leave it as-is if in doubt. Adjust bucket access control if needed
- The rest of the configuration is optional - click Continue in order to review it, and then click the Create button.
Now that we've created the Google Cloud Platform account and our first bucket in the Storage service, let's get through the authorization part.
GCP storage credentials
Follow the credentials generation process in order to authorize Ruby on Rails Active Storage to connect to Google Cloud Storage.
-
Click the Open the IAM & Admin page button. Open the IAM and Admin page
-
Click Select a project, choose a project, and click Open.
-
In the left-hand sidebar, navigate to Service accounts page. Service accounts in sidebar
-
On the service accounts page, click the "Create service account" button. Create service account
-
Provide service account name. The ID is autogenerated from the name, and description is optional. Click the "Create" button. Provide service account name
-
Optionally set the service account permissions to Storage Admin. Then, click the "Continue" button. Service account permissions
-
In the next step, click the "Create key" button. Create service account credentials
-
In the right-hand sidebar, select JSON option and click "Create". Create service account credentials
-
The private key was downloaded. Save it for further usage in the Ruby on Rails Active Storage configuration. Private access key generated succesfully
Now that we've successfully obtained the Google Cloud Storage JSON credentials private key, let's connect our Ruby on Rails Active Storage using it.
GCP Rails configuration
For Ruby on Rails Active Storage to work with Google Cloud Storage there's a dedicated gem required to be installed.
Add the following to your Ruby on Rails application Gemfile file.
Gemfile
gem 'google-cloud-storage'
Next, open the downloaded Google Cloud Storage JSON file with a text editor of your choice.
keyfile.json
{
"type": "service_account",
"project_id": "40hallowed-ridge-264013",
"private_key_id": "32976f16b04ece6a6fb8bc3bb4c52ea48f738bb8",
"private_key": "-----BEGIN PRIVATE KEY-----\n<.....>\n-----END PRIVATE KEY-----\n",
"client_email": "hix.dev@40hallowed-ridge-264013.iam.gserviceaccount.com",
"client_id": "102135739378581270686",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/hix.dev%40hallowed-ridge-264013.iam.gserviceaccount.com"
}
Ruby on Rails Active Storage supports two types of configuration for the Google Cloud Storage service.
The first way to configure Ruby on Rails Active Storage to connect with your
Google Cloud Storage bucket is by using the credentials
key, which accepts a
path to the JSON credentials file stored in your Ruby on Rails application
directory.
config/storage.yml
google:
service: GCS
credentials: <%= Rails.root.join("path/to/keyfile.json") %>
project: "My First Project"
bucket: "hix.dev-active-storage"
The second option is to pass each of the configuration options defined in the Google Cloud Storage JSON file separately.
config/storage.yml
google:
service: GCS
credentials:
type: "service_account"
project_id: "hallowed-ridge-264013"
private_key_id: "32976f16b04ece6a6fb8bc3bb4c52ea48f738bb8"
private_key: "-----BEGIN PRIVATE KEY-----\n<.....>\n-----END PRIVATE KEY-----\n"
client_email: "hix.dev@hallowed-ridge-264013.iam.gserviceaccount.com"
client_id: "102135709378581270686"
auth_uri: "https://accounts.google.com/o/oauth2/auth"
token_uri: "https://accounts.google.com/o/oauth2/token"
auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs"
client_x509_cert_url: "https://www.googleapis.com/robot/v1/metadata/x509/hix.dev%40hallowed-ridge-264013.iam.gserviceaccount.com"
project: "My First Project"
bucket: "hix.dev-active-storage"
In both cases, it is not the best idea to keep any secrets in the version
control system. Let's install the dotenv-rails
gem instead and put all the configuration
into the dedicated .env file.
.env
GCS_PROJECT_ID=hallowed-ridge-264013
GCS_PRIVATE_KEY_ID=32976f16b04ece6a6fb8bc3bb4c52ea48f738bb8
GCS_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n<.....>\n-----END PRIVATE
KEY-----\n"
GCS_CLIENT_EMAIL=hix.dev@hallowed-ridge-264013.iam.gserviceaccount.com
GCS_CLIENT_ID=102135709378581270686
GCS_AUTH_PROVIDER_X509_CERT_URL=https://www.googleapis.com/robot/v1/metadata/x509/hix.dev%40hallowed-ridge-264013.iam.gserviceaccount.com
GCS_PROJECT="My first project"
GCS_BUCKET=hix.dev-active-storage
After doing that, simply use all the environment variables in the Ruby on Rails Active Storage configuration file.
config/storage.yml
google:
service: GCS
credentials:
type: "service_account"
project_id: <%= ENV['GCS_PROJECT_ID'] %>
private_key_id: <%= ENV['GCS_PRIVATE_KEY_ID'] %>
private_key: <%= ENV['GCS_PRIVATE_KEY'] %>
client_email: <%= ENV['GCS_CLIENT_EMAIL'] %>
client_id: <%= ENV['GCS_CLIENT_ID'] %>
auth_uri: "https://accounts.google.com/o/oauth2/auth"
token_uri: "https://accounts.google.com/o/oauth2/token"
auth_provider_x509_cert_url: "https://www.googleapis.com/oauth2/v1/certs"
client_x509_cert_url: <%= ENV['GCS_CLIENT_X509_CERT_URL'] %>
project: <%= ENV['GCS_PROJECT'] %>
bucket: <%= ENV['GCS_BUCKET'] %>
This way your Google Cloud Storage credentials are not stored in the repository holding your Ruby on Rails application code and are less likely to get stolen.
Ruby on Rails Active Storage AWS S3 configuration
Amazon Web Services AWS S3 storage service connection is easily configurable with Ruby on Rails Active Storage module.
Ruby on Rails Active Storage with Amazon S3
The most difficult part of the configuration is the whole setup on the Amazon Web Services AWS S3 part - yet it is still worth it to automate Ruby on Rails Active Storage configuration with Ruby on Rails hix.dev template
Let's dive into it.
AWS account setup
Get through the following steps in order to create your Amazon account for connecting Ruby on Rails Active Storage with the AWS S3 service.
- Go to AWS Amazon S3 official website and click "Get Started with Amazon S3" button. Get started with Amazon S3
- Click the "Create new account" button. If you have an account already, you can skip the rest of these steps. Create new Amazon account
- Provide your account email, password and name. Then click the "Continue" button. Provide your account email, password and name
- Sell your soul to Amazon providing your full name and address data. At this point it is possible to create either "Personal" or "Business" account. Then click the "Create account and continue" button. Provide your credentials and address
- Provide your Credit Card information and click the "Verify and Add" button. Provide your credit card information
- Select the country and provide your phone number in order to get the verification code. Fill up the security check input, then click the "Send SMS" button. Identity verification: country and phone number
- Wait for the SMS message and enter your verification code, then click the "Verify code" button. Identity verification: enter the code form SMS message
- In the successful verification popup, click the "Continue" button. Identity verification success
- Select your support plan. It's good to start for free and upgrade it as you need. Select Amazon Support plan
- Click the "Sign in to the Console" button. Welcome to the AWS
Now that you've created your AWS account, let's create the Amazon S3 bucket.
Follow the steps below in order to do that. - Sign in to the AWS Management Console providing email and password to your account. Sign in to AWS Management Console
- Click the "Services" dropdown in the navigation bar and navigate to the "Storage / S3" page. Navigate to Storage S3 Service
- In the S3 dashboard, click the "Create bucket" button. Click the 'Create bucket' button
- Enter your bucket name and select its region - it is important to remember for further Ruby on Rails Active Storage configuration. Then, click the "Next" button. Provide S3 bucket name and region
- Browse through the S3 bucket configuration options. Then click the "Next" button. S3 bucket configuration options
- Adjust your S3 bucket permissions settings, they can be changed later if needed. When done, click the "Next" button. S3 bucket permissions settings
- In the final step, review all the information provided, then click the "Create bucket" button. S3 bucket settings review
The last step for Ruby on Rails Active Storage module towards accessing your Amazon AWS S3 bucket is obtaining your account credentials.
Let's see how to do that.
AWS storage credentials
With regard to the Amazon Best Practices, we are going to create a special user for our Ruby on Rails Active Storage module, with access specifically set to the Amazon AWS S3 service only.
The Amazon access can be modified at any point for given users.
Follow the steps below.
- In the AWS S3 dashboard, click your account dropdown and "My Security Credentials" link. Navigate to Amazon account Security Credentials
- In the popup, click the "Get Started with IAM Users" button. Get Started with IAM Users
- In the Identity and Access Management dashboard, click the "Add user" button. Click the 'Add user' button
- Enter the user name and password, and allow programmatic and AWS Management Console access. Do not require a password change. Then, click the "Next: Permissions" button. Provide name, password and access options
- Click the "Attach existing policies directly" tile, then search for "S3" and check the "AmazonS3FullAccess" option. Grant full access to Amazon S3
- Optionally, add user tags. When done, click the "Next: Review" button. Optional Amazon S3 user tags
- Review the new user, then click the "Create user" button. Amazon S3 user creation review
- Copy your "Access key ID" and "Secret access key". Get your Amazon S3 user credentials
- At this point, it is also good to backup your access keys CSV file safely, just in case.
Now that we've obtained Amazon AWS S3 credentials, let's finalize connecting the Ruby on Rails Active Storage module to our freshly created AWS S3 bucket.
AWS Rails configuration
Ruby on Rails Active Storage module is able to connect with your Amazon AWS S3
service thanks to aws-sdk-s3
gem.
Open your project's Gemfile file and add the following.
Gemfile
gem 'aws-sdk-s3'
Now, let's get to the Ruby on Rails Active Storage configuration.
Browse a full list of AWS regions in order to find your S3 bucket region code.
config/storage.yml
s3:
service: S3
access_key_id: "AKIAIOSFODNN7EXAMPLE"
secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
region: "eu-west-2"
bucket: "hix.dev"
Adjust the Ruby on Rails Active Storage configuration file with your Amazon AWS S3 credentials.
A better way to store Ruby on Rails application credentials is by using the
dotenv-rails
gem. After installing it, create the .env file and add the
following.
.env DO_SPACES_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE DO_SPACES_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY DO_SPACES_BUCKET=hix.dev DO_SPACES_REGION=eu-west-2
The next step is to load those environment variables into the Ruby on Rails
Active Storage configuration file.
_config/storage.yml_
```yml
s3:
service: S3
access_key_id: <%= ENV['DO_SPACES_ACCESS_KEY'] %>
secret_access_key: <%= ENV['DO_SPACES_SECRET_ACCESS_KEY'] %>
region: <%= ENV['DO_SPACES_REGION'] %>
bucket: <%= ENV['DO_SPACES_BUCKET'] %>
This way you don't store any secrets in your Ruby on Rails project's version control system - other supported ways to achieve the same goal are using different configuration methods off the AWS Ruby SDK package.
Ruby on Rails Active Storage Microsoft Azure Cloud configuration
Microsoft Azure Blob Storage Microsoft Azure Blob Storage service connection is easily configurable with Ruby on Rails Active Storage module.
Ruby on Rails Active Storage with Microsoft Azure Blob Storage
Once you get through the Microsoft Azure Blob Storage account creation and setup, it is worth to automate the Ruby on Rails Active Storage configuration with Ruby on Rails hix.dev template.
Let's rock.
Azure account setup
For Ruby on Rails Active Storage to work with Microsoft Azure Storage, the Microsoft account and Microsoft Azure account are needed.
Follow the steps below in order to create a Microsoft account.
- Visit the Microsoft Azure Storage website and click the "Start free" button. Start for free with Microsoft Azure
- On the next page, click the "Start free" button. Start for free with Microsoft Azure
- Provide your account email, then click the "Next" button. Provide your account email
- Provide your account password, then click the "Next" button. Provide your account password
- Provide your country and birth date, then click the "Next" button. Provide your country and birth date
- Go to your email account, copy and paste the verification code. Then click the "Next" button. Verify the account email
Now that we have created the Microsoft account, we are going to create the Microsoft Azure account related to it.
You should be redirected to the form presented below.
- Provide your basic credentials - country, first and last name, email, phone number and optionally your company VAT ID. Then click the "Next" button. Provide your basic credentials
- After entering your phone number, click the "Text me" button. Verify your phone number
- Wait for the SMS message and enter the code received. Wait for the verification to complete and click the "Next button". Identity SMS verification
- Sell your soul to Microsoft providing all the necessary billing data. Then click the "Next" button. Provide billing data
- Check the required agreements and click the "Sign up" button. Agree and sign up
That's it, both Microsoft accounts required by Ruby on Rails Active Storage are ready to use.
In the new account, let's create the "Storage account" and an entity that's specific to Azure, called "Container", which is an equivalent to AWS S3 and Google Cloud Storage "Bucket".
- Click the "Go to portal" button. Go to portal
- Skip the Azure usage wizard for now by clicking "Maybe later" button in the popup. Skip the Azure usage wizard
- In the top-left corner open the hamburger menu and navigate to the "Storage accounts" page. Navigate to Storage accounts page
- Click the "Create storage account" button. Create storage account
- Provide account name, select its location and optionally browse through all the configuration tabs. Then click the "Review + Create" button. Provide account data
- Wait for the account validation, then click the "Create" button. Wait for validation and create account
- Wait for the container to be created - it will take up to 5 minutes. Then click the "Go to resource" button. Go to resource
- Click the "Containers" tile. Navigate to Containers
- Click the "+ Container" link, provide your container data and click the "OK" button. Create your container
With all this in place, let's collect the final piece required for Ruby on Rails Active Storage to work with our Microsoft Azure account.
Azure storage credentials
The last step toward working Ruby on Rails Active Storage module reading and writing files to our Microsoft Azure Storage service is obtaining its credentials.
In order to do that, in the left-hand sidebar "Settings" section navigate to the first section named "Access keys".
Obtain Microsoft Azure credentials
Leave this page open for the Ruby on Rails Active Storage configuration described in the next step.
Azure Rails configuration
In order to work, Ruby on Rails Active Storage requires the dedicated gem.
Open your Gemfile and add the following.
Gemfile
gem 'azure-storage-blob'
The next step is to edit the Ruby on Rails Active Storage configuration file.
config/storage.yml
azure:
service: AzureStorage
storage_account_name: "hixonrails"
storage_access_key: "12id12dni1ksld1niodnio1dn1opdm1skdm1idmop1wm1pdm1pd1"
container: "activestorage"
The more secure way to store your Microsoft Azure Storage credentials is to
use dotenv-rails
gem instead of keeping them in the Ruby on Rails Active
Storage configuration file, which is checked into the git version control
system.
.env
AZURE_STORAGE_ACCOUNT_NAME=hixonrails
AZURE_STORAGE_ACCESS_KEY=12id12dni1ksld1niodnio1dn1opdm1skdm1idmop1wm1pdm1pd1
AZURE_STORAGE_CONTAINER=activestorage
With this saved, edit the Ruby on Rails Active Storage configuration file.
config/storage.yml
azure:
service: AzureStorage
storage_account_name: <%= ENV['AZURE_STORAGE_ACCOUNT_NAME'] %>
storage_access_key: <%= ENV['AZURE_STORAGE_ACCESS_KEY'] %>
container: <%= ENV['AZURE_STORAGE_CONTAINER'] %>
This way your Ruby on Rails application is one step closer to respect Twelve-Factor App methodology Twelve-Factor App methodology</a>.
Conclusion
Ruby on Rails Active Storage configuration is as easy as it gets - all you need to do is filling your access data to the Cloud Storage provider of your choice.
It gets even easier if you decide that your Ruby on Rails Active Storage module is going to store the files on your server's disk.
The difficult, yet in case of most of the organizations one-time part of the Ruby on Rails Active Storage configuration is the account creation and setup with the Cloud Storage provider of your choice - Amazon, Google or Microsoft.
In order to make the Ruby on Rails Active Storage configuration part even easier, consider using Ruby on Rails hix.dev Template that integrates the Active Storage setup in its setup wizard.