getwilds / sixtyfour

https://getwilds.org/sixtyfour/

Bucket (and file?) policies #24

Open sckott opened 9 months ago

sckott commented 9 months ago

At least I currently don't have permission to modify bucket ACLs, so can't test and make sure that aws_bucket_acl_modify works.

Perhaps with the new test AWS account I'll be able to test this.

seankross commented 9 months ago

My super hot take about this is that we should totally avoid bucket ACLs, which I believe is possible. I think they're a legacy feature that has been replaced by Policies.

sckott commented 9 months ago

I like that take. Makes sense, I can see there's a number of AWS docs pages that say ACLs are deprecated.

I googled around a bit and don't see it: What's the process for managing permissions for buckets then? We can do policies stuff for users, groups, roles, but not sure how it's done for buckets.

sckott commented 9 months ago

removed the 2 bucket acl fxns

seankross commented 9 months ago

I think this is where we should get really opinionated. It appears there are both IAM Policies that can govern bucket access, and Bucket Policies that apply to individual buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html. I think we should abstract these details away from end users, and enable the following functionality:

It would be cool if for these use cases the end user didn't have to worry about policies, and sixtyfour could create, find, and assign the appropriate policies.
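The two policy kinds mentioned in the comment above, shown side by side as an added example (not part of the thread and not sixtyfour's code). The bucket name, account ID and role ARN are constructed placeholders, and the function names are hypothetical. The last function is a simple check for bucket-policy statements that any caller would match.

```python
import json

READ_ACTIONS = ["s3:GetObject", "s3:ListBucket"]
ROLE = "arn:aws:iam::111122223333:role/example-reader"  # constructed placeholder

def _resources(bucket):
    # s3:ListBucket applies to the bucket ARN, s3:GetObject to the objects under it
    return [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]

def identity_policy(bucket):
    """IAM (identity-based) policy: attached to a user, group or role, so no Principal."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": READ_ACTIONS,
                           "Resource": _resources(bucket)}]}

def bucket_policy(bucket, principal_arns):
    """Bucket (resource-based) policy: attached to the bucket, so it must name a Principal."""
    doc = identity_policy(bucket)
    doc["Statement"][0]["Principal"] = {"AWS": list(principal_arns)}
    return doc

def public_statements(policy):
    """Return Allow statements with a wildcard principal and no Condition.

    Assumes "Statement" is a list, as produced by the builders above.
    """
    hits = []
    for s in policy["Statement"]:
        p = s.get("Principal")
        # Principal is either the string "*" or a dict such as {"AWS": [...]}
        aws = p.get("AWS", []) if isinstance(p, dict) else p
        aws = [aws] if isinstance(aws, str) else (aws or [])
        if s.get("Effect") == "Allow" and "*" in aws and "Condition" not in s:
            hits.append(s)
    return hits

if __name__ == "__main__":
    print(json.dumps(bucket_policy("example-bucket", [ROLE]), indent=2))
    # A wildcard principal is what makes a bucket's objects publicly readable
    print(len(public_statements(bucket_policy("example-bucket", ["*"]))))
```

The same statement body serves both documents; only the bucket policy carries `Principal`, which is why it can grant access to identities outside the caller's own IAM setup.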

sckott commented 8 months ago

Sorry for the delay. Okay, so maybe the functions would look like:

Thoughts?

sckott commented 8 months ago

@seankross #21 may be the same as

Some functionality where you can get a public file's public URL

at least related