Closed dbernstein closed 7 years ago
Thoughts, @eefahy @bbranan @jcoyne @cbeer ?
Thanks for pointing this out Danny. We had set ACLs on the bucket to give read access, but those permissions don't automatically apply to content in the bucket. I've added a bucket permissions policy which does apply to all content. So any files placed in that bucket are now available for anyone to download without needing to set a policy on the individual item, which I believe is the goal. You should be all set.
I was trying to run the stack today and ran into a failure that I traced back to "Access Denied" responses when trying to download fcrepo-webapp-4.8.0-SNAPSHOT.war from hybox-deployment-artifacts. On further investigation I noticed that running
aws s3 sync s3://hybox-deployment-artifacts/ . --exclude "*" --include "fcrepo-webapp*"
resulted in fcrepo-webapp-4.5.1.war succeeding while fcrepo-webapp-4.6.0.war, fcrepo-webapp-4.7.1.war, and fcrepo-webapp-4.8.0-SNAPSHOT.war failed. It suggests the world readable permissions are being set on a file by file basis. Perhaps the whole bucket should be public?