Storage module to official 'aws-sdk' gem for Amazon S3
Clone or download
Pull request Compare This branch is 1 commit ahead, 14 commits behind igor-alexandrov:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Build Status

Paperclip storage module to use Amazon S3 with official 'aws-sdk' gem

paperclip-aws is a full featured storage module that supports all S3 locations (American, European and Japanese) without any additional hacking.


  • supports US, European and Japanese S3 instances;
  • supports both http and https urls;
  • supports expiring urls;
  • supports different permissions for each Paperclip style;
  • supports generating urls for read, write и delete operations;
  • supports amazon server side encryption (thanks to @pvertenten);
  • supports versioning;
  • highly compatible with included in Paperclip S3 storage module



gem install paperclip-aws

After this add 'paperclip-aws' to your Gemfile or environment.rb

Common Usage

class SomeS3Attachment < ActiveRecord::Base
  def self.s3_config
    @@s3_config ||= YAML.load("#{Rails.root}/config/s3.yml")).result)[Rails.env]    

  has_attached_file :data,
                    :styles => {
                      :thumb => [">75x"],
                      :medium => [">600x"]
                    :storage => :aws,
                    :s3_credentials => {
                      :access_key_id => self.s3_config['access_key_id'],
                      :secret_access_key => self.s3_config['secret_access_key'],
                      :endpoint => self.s3_config['endpoint']
                    :s3_bucket => self.s3_config['bucket'],                    
                    :s3_host_alias => self.s3_config['s3_host_alias'],
                    :s3_permissions => :public_read,
                    :s3_protocol => 'http',
                    :s3_options => {
                      :server_side_encryption => 'AES256',
                      :storage_class => :reduced_redundancy,
                      :content_disposition => 'attachment'
                    :path => "company_documents/:id/:style/:data_file_name"  
  # You also can modify :s3_credentials, :s3_bucket, :s3_permissions, :s3_options, :s3_protocol, :s3_host_alias directly in instance.
  before_save do[:content_disposition] = "attachment; filename=#{self.data_file_name}"[:server_side_encryption] = true if self.confidential_information?[:storage_class] = true if self.unimportant_information? = 'https' if self.confidential_information? = :authenticated_read if self.private?

Create link for file that will expire in 10 seconds after it was created. Useful when redirecting user to file., { :expires => + 10.seconds, :protocol => 'https' })



Endpoint where your bucket is located. Default is '' which is for 'US Standard' region.

You can find full list of endpoints and regions here


Sets permissions to your objects. Values are:


You can setup permnissions globally for object or per style:

:s3_permissions => :public_read

:s3_permissions => {
  :thumb => :public_read,
  :medium => :authenticated_read,
  :default => :authenticated_read


Default protocol to use: 'http' or 'https'.


Hash of additional options. Available options are:

  • :server_side_encryption'AES256' (the only available encryption now)
  • :storage_class:standard (default) or :reduced_redundancy
  • :content_disposition


Remember to specify a folder in a root of your bucket. If you don't , you'll be able to save without problems, but S3 will respond with Access Denied on read.


  • Bad (you will get permission denied error)

    • :path => "/:style/:id/:filename"
    • :path => "/images/:id/:filename"
  • Good (there is a root folder specified)

    • :path => "images/:style/:id/:filename"
    • :path => ":style/:id/:filename"

The main problem of the "Bad" case - it creates nameless folder in a root of a bucket which seems to be an issue when reading, so make sure you don't put '/' in front of the path.

How paperclip-aws creates urls?

'paperclip-aws' redefines Paperclip url method to get object URL.

def url(style=default_style, options={})

Supported options are:

  • :protocol'http' or 'https'

    Use this options to redefine default protocol, configured in model.

  • :expires

    Sets the expiration time of the URL; after this time S3 will return an error if the URL is used. This can be an integer (to specify the number of seconds after the current time), a string (which is parsed as a date using Time#parse), a Time, or a DateTime object. This option defaults to one hour after the current time.

    Default is set to 3600 seconds.

  • :action

    Method, the HTTP verb or object method for which the returned URL will be valid. Valid values:

    • :get or :read
    • :put or :write
    • :delete

    Default is set to :read, which is the most common used.


'paperclip-aws' lets you easily use S3 file versioning if it is enabled for selected bucket. To find more information about versioning and how to enable it, please follow AWS FAQs and AWS S3 Docs.

Also you can enable versioning from your Rails console by using following code:

Please make sure, that user that is used to connect to S3 has enough permissions to do this, or you will get AWS::S3::Errors::AccessDenied error.

To get array of file versions use #versions method:

Can I use it in production?

Yes, usage of paperclip-aws is confirmed by several rather big projects:

I hope that it is used in a lot of other projects, if you know them – let me know.