S3 objects are currently hardcoded to be set to PublicRead as their ACL, which allows anyone to directly access the objects using the S3 API.

https://github.com/AtlasOfLivingAustralia/doi-service/blob/138be8251f077c95afd34937b085e42b76bee8c1/src/main/groovy/au/org/ala/doi/storage/S3Storage.groovy#L40
https://github.com/AtlasOfLivingAustralia/doi-service/blob/138be8251f077c95afd34937b085e42b76bee8c1/src/main/groovy/au/org/ala/doi/storage/S3Storage.groovy#L57
https://github.com/AtlasOfLivingAustralia/doi-service/blob/138be8251f077c95afd34937b085e42b76bee8c1/grails-app/services/au/org/ala/doi/providers/DoiAmazonS3Service.groovy#L54
This is at odds with the requirement that all of the S3 objects be proxied through doi-service so that those with ungeneralised data cannot be accessed by everyone.
The ACL needs to be configurable and not default to Public access.
S3 are aware of the massive issues caused by people opening up objects unnecessarily to the public, but the security options that they put in to stop public objects are not able to be used currently because of the hardcoded PublicRead permission.
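As an added example (not doi-service code, and written in Python rather than the project's Groovy so it runs stand-alone), this shows the two halves of the fix described above: choosing the canned ACL from configuration with `private` as the default and public ACLs requiring an explicit opt-in, and auditing an ACL response for grants to the anonymous AllUsers group so objects that were already written with PublicRead can be found. The config keys `s3.acl` and `s3.allowPublicAcl` are assumptions for the example, not settings doi-service has; the ACL response below is constructed in the shape `get_object_acl` returns, so no AWS call is made.

```python
"""Added example, not doi-service code: configurable S3 ACL with a private
default, plus a check for ACL grants that make an object world-readable.
The config keys used here ('s3.acl', 's3.allowPublicAcl') are hypothetical."""

# Group URI that S3 uses for anonymous access; 'public-read' grants READ to it.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

CANNED_ACLS = {
    "private", "public-read", "public-read-write", "authenticated-read",
    "bucket-owner-read", "bucket-owner-full-control",
}
PUBLIC_ACLS = {"public-read", "public-read-write"}


def resolve_acl(config):
    """Return the canned ACL to send with PutObject.

    Missing key -> 'private' (S3's own default). A public ACL is refused
    unless the deployment explicitly opts in, which is also what S3 Block
    Public Access (BlockPublicAcls) would reject with AccessDenied."""
    acl = config.get("s3.acl", "private")
    if acl not in CANNED_ACLS:
        raise ValueError("unknown canned ACL %r" % acl)
    if acl in PUBLIC_ACLS and not config.get("s3.allowPublicAcl", False):
        raise ValueError(
            "ACL %r makes objects readable by anyone; "
            "set s3.allowPublicAcl=true to permit it" % acl)
    return acl


def put_object_args(bucket, key, body, config):
    """Build the keyword arguments for boto3's put_object.

    The hardcoded form this replaces is the equivalent of always passing
    ACL='public-read'. 'private' is omitted because it is the default."""
    args = {"Bucket": bucket, "Key": key, "Body": body}
    acl = resolve_acl(config)
    if acl != "private":
        args["ACL"] = acl
    return args


def public_grants(acl_response):
    """Given a get_object_acl / get_bucket_acl response, return the
    permissions granted to the anonymous AllUsers group ([] if none)."""
    found = []
    for grant in acl_response.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") == ALL_USERS:
            found.append(grant["Permission"])
    return found


# Constructed sample responses in the shape boto3 returns; not real data.
OWNER = {"ID": "0123456789abcdef", "DisplayName": "doi-bucket-owner"}
PUBLIC_READ_ACL = {
    "Owner": OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
}
PRIVATE_ACL = {
    "Owner": OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"},
    ],
}


if __name__ == "__main__":
    print(put_object_args("doi-bucket", "10.1234/abc.zip", b"...", {}))
    for name, acl in (("public-read object", PUBLIC_READ_ACL), ("private object", PRIVATE_ACL)):
        print(name, "-> anonymous grants:", public_grants(acl))
```

In a real deployment the audit half would be run over `list_objects_v2` output, calling `get_object_acl` per key and flagging any non-empty result; once nothing is flagged, the bucket's Block Public Access settings can be turned on without breaking uploads.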