Open woutersamaey opened 2 years ago
You can restrict user to specific bucket by using the following security policy
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion",
"s3:AbortMultipartUpload",
"s3:ListBucket",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketname-here"
},
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectAclVersion",
"s3:AbortMultipartUpload",
"s3:ListBucket",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::bucketname-here/*"
}
]
}
and Changing default acl settings to "private" (eidt wp-config.php).
define('S3_UPLOADS_OBJECT_ACL', 'private');
This helped me fix the issue I hope it helps you, too :)
The issue turned out to be the fact that my bucket didn't have ACL enabled (which is a thing now - in the past this feature did not exist). Setting the S3_UPLOADS_OBJECT_ACL
to NULL
fixed this.
I believe the way the files are pushed via the API means that the file is created at zero bytes, then ACLs are applied, then the content is populated. (You can also see this in versioned buckets; the initial version is always zero bytes.)
We should clarify the ACL requirement in the documentation at least.
@woutersamaey nice one! Your tip kept from having to choose another plugin. Would be great to have this info on the main documentation, specially because AWS is favoring policies over ACL.
define('S3_UPLOADS_OBJECT_ACL', null);
I can upload my file, but it is always 0 bytes when I examine it in S3. Is this a known issue?