Open sckott opened 9 months ago
My super hot take about this is that we should totally avoid bucket ACLs, which I believe is possible. I think they're a legacy feature that has been replaced by Policies.
I like that take. Makes sense, I can see there are a number of AWS docs pages that say ACLs are deprecated.
I googled around a bit and don't see it: What's the process for managing permissions for buckets then? We can do policies stuff for users, groups, roles, but not sure how it's done for buckets.
removed the 2 bucket acl fxns
I think this is where we should get really opinionated. It appears there are both IAM Policies that can govern bucket access, and Bucket Policies that apply to individual buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html. I think we should abstract these details away from end users, and enable the following functionality:
It would be cool if for these use cases the end user didn't have to worry about policies, and sixtyfour could create, find, and assign the appropriate policies.
Sorry for the delay. Okay, so maybe the functions would look like:
aws_bucket_as_public()
aws_file_url(type = "private")
or aws_file_url(type = "public")
aws_group(name="users") %>% aws_bucket_allow_read()
aws_group(name="users") %>% aws_bucket_allow_read_write()
Thoughts?
@seankross #21 may be the same as "Some functionality where you can get a public file's public URL", at least related
At least I currently don't have permission to modify bucket ACLs, so can't test and make sure that aws_bucket_acl_modify works. Perhaps with the new test AWS account I'll be able to test this.
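An added example, not code from this thread or from sixtyfour: one way the policy document behind the group read and read/write helpers proposed above could be built without touching ACLs. It uses an IAM identity policy because an IAM group cannot be named as a `Principal` in a bucket policy; the helper name `bucket_policy_doc`, the `Sid` values and the bucket name are assumptions made for illustration.

```r
library(jsonlite)

# Hypothetical helper (not part of sixtyfour): build an IAM identity policy
# document granting read or read/write access to a single bucket.
bucket_policy_doc <- function(bucket, access = c("read", "read_write")) {
  access <- match.arg(access)
  stopifnot(is.character(bucket), length(bucket) == 1, nzchar(bucket))
  bucket_arn <- paste0("arn:aws:s3:::", bucket)

  # No s3:PutObjectAcl / s3:PutBucketAcl: access is governed by policy only.
  object_actions <- "s3:GetObject"
  if (access == "read_write") {
    object_actions <- c(object_actions, "s3:PutObject", "s3:DeleteObject")
  }

  list(
    Version = "2012-10-17",
    Statement = list(
      # Bucket-level actions must target the bucket ARN itself.
      list(
        Sid = "ListBucket",
        Effect = "Allow",
        Action = c("s3:ListBucket", "s3:GetBucketLocation"),
        Resource = bucket_arn
      ),
      # Object-level actions must target the keys under the bucket.
      list(
        Sid = "ObjectAccess",
        Effect = "Allow",
        Action = object_actions,
        Resource = paste0(bucket_arn, "/*")
      )
    )
  )
}

# "example-bucket" is a constructed name used only for this example.
doc <- bucket_policy_doc("example-bucket", "read")
policy_json <- toJSON(doc, auto_unbox = TRUE, pretty = TRUE)
cat(policy_json, "\n")

# Attaching it to a group needs AWS credentials, so it is left commented out:
# paws::iam()$put_group_policy(
#   GroupName = "users", PolicyName = "example-bucket-read",
#   PolicyDocument = as.character(policy_json)
# )
```

Splitting the statements by resource matters: `s3:ListBucket` on `bucket/*` or `s3:GetObject` on the bare bucket ARN grants nothing, which is a common cause of unexpected access-denied errors.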