US-GHG-Center / ghgc-backend

Backend services for Green House Gas Center

Give dev raster API read access to production bucket #66

Open j08lue opened 2 months ago

j08lue commented 2 months ago

This currently fails:

https://dev.ghg.center/ghgcenter/api/raster/cog/statistics?url=s3%3A%2F%2Fghgc-data-store%2Feccodarwin-co2flux-monthgrid-v5%2FECCO-Darwin_CO2_flux_202212.tif

with the usual

"'/vsis3/ghgc-data-store/eccodarwin-co2flux-monthgrid-v5/ECCO-Darwin_CO2_flux_202212.tif' does not exist in the file system, and is not recognized as a supported dataset name."

indicating that dev.ghg.center/ghgcenter/api/raster does not have access to the ghgc-data-store bucket. The production API does:

https://ghg.center/api/raster/cog/statistics?url=s3%3A%2F%2Fghgc-data-store%2Feccodarwin-co2flux-monthgrid-v5%2FECCO-Darwin_CO2_flux_202212.tif

Can we give the dev API read access to the production bucket or is there something that speaks against it?

Acceptance criteria

amarouane-ABDELHAK commented 2 months ago

There is nothing that speaks against it. Working on it...

amarouane-ABDELHAK commented 2 months ago

I've granted temporary cross-account read permissions to the production S3 bucket. This setup will allow access until we determine whether it's necessary to switch to using an assume role instead.

amarouane-ABDELHAK commented 1 month ago

I will revert the cross-account S3 read permission to deny, and we'll revisit this in the future if we determine it's necessary.
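
An added example, not part of the thread or the project's code: a constructed bucket policy for the kind of cross-account read grant discussed above, with a small Python check that the grant stays read-only and limited to `ghgc-data-store`. The account ID, the role name and the set of actions treated as read access are assumptions.

```python
# Added example: constructed policies and an audit helper, not project code.
# The account ID and role name are hypothetical placeholders.
DEV_ROLE = "arn:aws:iam::111122223333:role/dev-raster-api"
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket"}  # assumed read-only set

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": DEV_ROLE},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::ghgc-data-store/*"},
    {"Effect": "Allow", "Principal": {"AWS": DEV_ROLE},
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::ghgc-data-store"},
]}

BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_read_grant(policy, bucket, allowed_principals):
    """Return findings for Allow statements that exceed a scoped read grant."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Negated elements grant "everything except", which is hard to bound.
        if any(k in stmt for k in ("NotPrincipal", "NotAction", "NotResource")):
            findings.append(f"statement {i}: uses a negated element")
        principal = stmt.get("Principal", {})
        arns = ([principal] if isinstance(principal, str)
                else [a for v in principal.values() for a in _as_list(v)])
        for arn in arns:
            if arn not in allowed_principals:
                findings.append(f"statement {i}: unexpected principal {arn}")
        for action in _as_list(stmt.get("Action", [])):
            if action not in READ_ACTIONS:  # wildcards such as s3:* fail too
                findings.append(f"statement {i}: non-read action {action}")
        for res in _as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"statement {i}: resource outside bucket {res}")
    return findings
```

An empty result for `SCOPED` means every Allow statement names only the expected role, read actions and the one bucket; `BROAD` returns one finding per over-broad element.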