@cdsupina you asked me to make a new bucket since you didnt want to care about this trash, so I did.
This one hooks up a part of it to cloudfront. and is otherwise fairly locked down. Having a public read s3 bucket is generally not great because we pay when people download from the bucket (so someone could just run ./asset-manager.sh 100k times and we need to pay), so we want to control how that happens and generally serve public-facing assets from a CDN, while locking down privileges to the s3 service.
The key here is an IAM User role that can be assumed by @cdsupina , me and maybe @LordDeatHunter
@cdsupina you asked me to make a new bucket since you didnt want to care about this trash, so I did.
This one hooks up a part of it to cloudfront. and is otherwise fairly locked down. Having a public read s3 bucket is generally not great because we pay when people download from the bucket (so someone could just run ./asset-manager.sh 100k times and we need to pay), so we want to control how that happens and generally serve public-facing assets from a CDN, while locking down privileges to the s3 service.
The key here is an IAM User role that can be assumed by @cdsupina , me and maybe @LordDeatHunter