search

sst / guide

Repo for guide.sst.dev
https://guide.sst.dev
MIT License
3.68k stars 446 forks source link

Add S3 logging #427

Open boxabirds opened 4 years ago

boxabirds commented 4 years ago

I'm at the "Add Note attachment to S3" and I'm having some permission issues. It'd be great for the guide to enable object-level logging with CloudTrail when the note bucket is set up. Ironically the permission problem I have seems to be disabling the ability … to log as well… fun and games.

jayair commented 4 years ago

Oh. Post what you end up figuring out.

boxabirds commented 4 years ago

Right I can't get my project to accept this line in the S3 bucket policy:

arn:aws:s3:::kiwi-notes-app-uploads/private/${cognito-identity.amazonws.com:sub}/*

I had to use this instead:

arn:aws:s3:::kiwi-notes-app-uploads/private/*

which is obviously a security issue.

jayair commented 4 years ago

Yeah that's really weird cos the first one should work.