deliciousbrains / wp-amazon-s3-and-cloudfront

Automatically copies media uploads to Amazon S3 for delivery. Optionally configure Amazon CloudFront for even faster delivery.
https://wordpress.org/plugins/amazon-s3-and-cloudfront/
312 stars 150 forks source link

There is no warning that offloads to S3 will not work when ACLs are disabled in bucket's Object Ownership setting and "Block All Public Access" is also disabled #602

Closed plessiez closed 2 years ago

plessiez commented 2 years ago

The information within the plugin makes this seem like an optional, but recommended step. It appears that it is required for the plugin to function.

The AWS S3 connection was working correctly and I could select the bucket in the plugin settings interface. I was using an IAM role which was working correctly and cloudfront was also set up ok.

I didn't "block all public access" because I couldn't remember if I'd set the policy correctly in AWS and wanted to go back and enable that setting later once the plugin was working.

Uploading files triggered no sort of action - nothing in the debug log and nothing was offloaded to S3. I tore my hair out about why nothing was being offloaded and eventually installed a fresh wordpress installation (new folder structure and new DB) and installed the plugin again and followed the same steps.

I had the same result, uploads were not offloaded. Finally I tried clicking 'Block all public access' within the plugin and immediately afterwards uploads were offloaded.

ianmjones commented 2 years ago

You should not need to enable Block All Public Access to offload to a bucket, unless you happen to have created the bucket manually and not enabled ACLs.

AWS S3 introduced a new "Object Ownership" feature a few months ago that by default turns off ACLs when you create a bucket manually via the AWS Console.

This means if you manually create a bucket via the AWS Console you need to be careful to enable ACLs if you're not also using Block All Public Access, as otherwise WP Offload Media will try and set ACLs and get an error.

Did you by chance create the bucket manually rather than via WP Offload Media?

Did you see any errors in the debug.log when Block All Public Access was turned off and offloading failed?

plessiez commented 2 years ago

Yes, the bucket was manually created. The bucket could be seen in the plugin UI. Choosing an intentionally incorrect bucket name caused an error.

No, there were no errors in the debug log. Offloading did not show any signs of failing – there was no sign of any attempt to offload. The only way to get an error was to intentionally set incorrect credentials, or use an incorrect bucket name.

The behaviour felt like a bug in the plugin itself, linked to the UI, that meant it did not begin triggering until I had checked that box after which it began offloading.

ianmjones commented 2 years ago

Thanks @plessiez, we hope to address this issue in a future release.

ianmjones commented 2 years ago

WP Offload Media (Lite) v3.0.0 now understands Object Ownership controls, warns of issues and allows you to manage Object Ownership enforcement.