aws-solutions / media-services-application-mapper

Media Services Application Mapper is a browser-based tool that allows operators to visualize the structure and logical connections among AWS Media Services and supporting services in the cloud. The tool can be used as a top-down resource monitoring tool when integrated with CloudWatch.
Apache License 2.0

Update S3 write scripts to check account ownership before write #237

Closed jilladams closed 2 years ago

jilladams commented 3 years ago

script statements like this:

```
aws s3 sync $global_dist_dir s3://$global_bucket/aws-media-insights-engine/$version/
aws s3 sync $regional_dist_dir s3://${regional_bucket}-${region}/aws-media-insights-engine/$version/
```

To include checks like this before running s3 sync or cp:

```
aws s3api head-bucket --bucket $global_bucket --expected-bucket-owner $bucket_account
aws s3api head-bucket --bucket $regional_bucket --expected-bucket-owner $bucket_account
```

The head-bucket command will return a non-zero result (API returns a 403) if the bucket ownership doesn’t match. If you have error handling set to short-circuit the script, the above statements would stop the script before uploading.

Directly uploading to regional buckets means checking each bucket before uploading.
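
The check described in the comment above, written as an added example that is not part of the original post or the project's deploy script: every destination bucket is verified with `head-bucket --expected-bucket-owner` before any `s3 sync` runs. The function names and argument order are assumptions; the variable names and key prefix follow the issue text.

```sh
#!/bin/sh
# Added example (not the project's deploy script). Function names are
# hypothetical; variable names and the key prefix follow the issue text.
set -eu

# Succeeds only if the bucket is owned by the expected account.
# head-bucket exits non-zero (the API answers 403) on an ownership mismatch.
verify_bucket_owner() {
    local bucket owner
    bucket=$1; owner=$2
    if ! aws s3api head-bucket --bucket "$bucket" \
            --expected-bucket-owner "$owner" >/dev/null; then
        echo "refusing to write: s3://$bucket failed ownership check for $owner" >&2
        return 1
    fi
}

# publish_dist OWNER GLOBAL_BUCKET REGIONAL_BUCKET VERSION GLOBAL_DIR REGIONAL_DIR REGION...
# Checks every destination bucket first, so a mismatch on any one of them
# stops the run before a single object is uploaded.
publish_dist() {
    local owner global_bucket regional_bucket prefix global_dir regional_dir region
    owner=$1; global_bucket=$2; regional_bucket=$3
    prefix="aws-media-insights-engine/$4/"
    global_dir=$5; regional_dir=$6
    shift 6

    # Explicit "|| return 1": set -e is ignored inside a function that is
    # itself called from an if/&&/|| context.
    verify_bucket_owner "$global_bucket" "$owner" || return 1
    for region in "$@"; do
        verify_bucket_owner "${regional_bucket}-${region}" "$owner" || return 1
    done

    aws s3 sync "$global_dir" "s3://$global_bucket/$prefix" || return 1
    for region in "$@"; do
        aws s3 sync "$regional_dir" \
            "s3://${regional_bucket}-${region}/$prefix" || return 1
    done
}
```

Checking all buckets up front, rather than one immediately before each upload, avoids a partial release where some regions were written before a later bucket failed the ownership check.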

morjoan commented 2 years ago

This is already in the dev branch: https://github.com/aws-solutions/aws-media-services-application-mapper/blob/dev-v1.10.0/deployment/deploy.sh#L64