Needs Update for Default "Block Public Access"

bcolflesh commented 4 years ago

This was last updated before the "Block Public Access" permission structure was added. You can't enable the Bucket Policy for the vod-mediabucket with it enabled. Instructions need to be updated to show the correct choices for the Permissions section now.

aburkleaux-amazon commented 4 years ago

Fixed in 3b637666c7ec198a95a7464932e4410124ac4069

I updated the tutorial in the MediaConvert-WorkflowWatchFolderAndNotification section to handle this change to S3 default behavior:

Uncheck "Block Public Access" in the tutorial path

I also changed the way public read access is granted to the MediaConvert job outputs.

Removed the Public Read from the vod-mediabucket policy

Added DesitnationSettings (new MediaConvert feature) in job.json to grant public read to MediaConvert job output groups using S3 ACLs.

"DestinationSettings": {
          "S3Settings": {
            "AccessControl": {
              "CannedAcl": "PUBLIC_READ"
            }
          }

KeNickety commented 3 years ago

I'd suggest leaving "Block Public Access" and updating the default ACL to "BUCKET_OWNER_FULL_CONTROL" rather than "PUBLIC_READ" with a note to change it if you need to.

aws-samples / aws-media-services-vod-automation

Needs Update for Default "Block Public Access" #20