Closed cagrimmett closed 7 months ago
Currently on our bucket we have the DeleteObject permission added. Also, at some point, we added support for user defined ACL, but, when we enabled that:
public-read
as the ACL).s3:PutObjectACL
was added to the bucket policy.Since we have public access, I did some tests using the AWS CLI to generate a presigned URL to access my own feed.
I think what we need now is to create a new DNS entry on feedland.org
to point to our bucket (maybe data.a8c.feedland.org
).
I'm assuming that the above URL wouldn't work without public access.
We're going to hit another problem with HTTPS -- I asked ChatGPT to outline the issues with mapping a CNAME to an S3 bucket.
https://chat.openai.com/share/7ff15eed-db11-4ab1-95d2-1b009d8dd157
Hey @scripting, so we currently have:
/storage/privateFiles
/feeds
/likes
on our bucket root. The only thing that shouldn't have public-read
access is the /storage/privateFiles
folder, is that correct?
We're going to hit another problem with HTTPS -- I asked ChatGPT to outline the issues with mapping a CNAME to an S3 bucket.
Interesting... ChatGPT mentions that the CNAME should match the bucket name but we'll need to enable CloudFront as well.
ChatGPT on setting up private folders in otherwise public buckets: https://chat.openai.com/share/967bb74e-fc88-4dc4-8cbe-69e4ca9d0ecc
The only thing that shouldn't have public-read access is the /storage/privateFiles folder, is that correct?
Yes.
I'm going to check what we need for the CNAME to work, if we can choose any CNAME, what would that be @scripting? data.a8c.feedland.org
?
It doesn’t matter what we choose now, we’ll be changing it next week. Let’s use data.feedland.dev for now, Tell me what I should map it to and I’ll do it.
Noting here that files like appPrefs.json
etc are no longer accessible.
It doesn’t matter what we choose now, we’ll be changing it next week.
Let's wait for it then and make all the changes at once 🙂
We have setup data.feedland.com. Closing this issue for now.
See: https://github.com/scripting/feedlandInstall/issues/43
@fmfernandes started on this work. Can you provide an update and outline where we are?