Open j08lue opened 2 months ago
There is nothing that speaks against it. working on it....
I've granted temporary cross-account read permissions to the production S3 bucket. This setup will allow access until we determine whether it's necessary to switch to using an assume role instead.
I will revert the cross-account S3 read permission to deny, and we'll revisit this in the future if we determine it's necessary.
This currently fails:
https://dev.ghg.center/ghgcenter/api/raster/cog/statistics?url=s3%3A%2F%2Fghgc-data-store%2Feccodarwin-co2flux-monthgrid-v5%2FECCO-Darwin_CO2_flux_202212.tif
with the usual
Indicating that
dev.ghg.center/ghgcenter/api/raster
does not have access to theghgc-data-store
bucket. The production API does:https://ghg.center/api/raster/cog/statistics?url=s3%3A%2F%2Fghgc-data-store%2Feccodarwin-co2flux-monthgrid-v5%2FECCO-Darwin_CO2_flux_202212.tif
Can we give the dev API read access to the production bucket or is there something that speaks against it?
Acceptance criteria