alumni_lookup

Photo Storage Setup (S3 / Cloudinary)

Last Updated: December 2, 2025
Purpose: Configure image storage for alumni photos in production.

See Also: For full environment and deployment pipeline documentation, see:

operations/DEPLOYMENT_PIPELINE.md — Deploy workflows, rollbacks

operations/EXTERNAL_SERVICES_ENV_CONFIG.md — All external services

operations/ENV_SETUP_IMPLEMENTATION_CHECKLIST.md — Full setup guide

Quick Setup for Alumni Photo Feature on Heroku + S3

1. Add Required Gems

bundle add aws-sdk-s3

2. Configure Storage (config/storage.yml)

# Add this to your existing storage.yml
amazon:
  service: S3
  access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
  secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
  region: us-west-2  # Choose region closest to your users
  bucket: alumni-lookup-<%= Rails.env %>
  public: false

3. Update Production Environment (config/environments/production.rb)

Add this line:

config.active_storage.service = :amazon

4. Create AWS Resources

S3 Bucket Setup:

Login to AWS Console
Create bucket: alumni-lookup-production
Keep all default security settings (block public access)
Add CORS configuration:

[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "PUT", "POST", "DELETE", "HEAD"],
    "AllowedOrigins": ["https://your-app-name.herokuapp.com"],
    "ExposeHeaders": ["ETag"]
  }
]

IAM User Setup:

Create new IAM user: alumni-lookup-s3
Attach this inline policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::alumni-lookup-production",
        "arn:aws:s3:::alumni-lookup-production/*"
      ]
    }
  ]
}

Generate Access Key + Secret Key

5. Configure Rails Credentials

# Edit encrypted credentials
EDITOR="code --wait" rails credentials:edit

# Add these lines:
aws:
  access_key_id: AKIA...  # Your AWS Access Key
  secret_access_key: ...  # Your AWS Secret Key

6. Deploy to Heroku

# Commit changes
git add .
git commit -m "Add S3 configuration for production photo storage"

# Deploy
git push heroku main

# Set master key (copy from config/master.key)
heroku config:set RAILS_MASTER_KEY=your_master_key_here

7. Test Photo Upload

Visit your Heroku app
Find an alumni record
Upload a test photo
Verify it appears in your S3 bucket

Alternative: Cloudinary Setup

If you prefer Cloudinary for better image optimization:

Free tier: 25GB storage, 25GB bandwidth
Get your cloud name, API key, and API secret

2. Add Gems

bundle add cloudinary activestorage-cloudinary-service

3. Configure Storage

# Add to config/storage.yml
cloudinary:
  service: Cloudinary
  cloud_name: <%= Rails.application.credentials.dig(:cloudinary, :cloud_name) %>
  api_key: <%= Rails.application.credentials.dig(:cloudinary, :api_key) %>
  api_secret: <%= Rails.application.credentials.dig(:cloudinary, :api_secret) %>

4. Update Production Environment

# In config/environments/production.rb
config.active_storage.service = :cloudinary

5. Set Heroku Config

heroku config:set CLOUDINARY_URL=cloudinary://api_key:api_secret@cloud_name

Cost Comparison

S3 (Estimated monthly cost for 1000 alumni photos)

Storage (1000 photos × 500KB avg): ~$0.01
Requests (views + uploads): ~$0.01
Total: ~$0.02/month

Cloudinary

Free tier covers most small-medium applications
Automatic image optimization and CDN
Cost: $0 (within free limits)

Recommendation

For your alumni lookup app: Start with Cloudinary for the following reasons:

Free tier will likely cover your needs
Automatic optimization - converts to WebP, optimizes quality
Built-in CDN - faster image delivery worldwide
Simpler setup - no AWS account needed
Better for Rails - designed specifically for web applications

You can always migrate to S3 later if you outgrow Cloudinary’s free tier.