Comments (6)
My super hot take about this is that we should totally avoid bucket ACLs, which I believe is possible. I think they're a legacy feature that has been replaced by Policies.
from sixtyfour.
I like that take. Makes sense, I can see there's a number of AWS docs pages that say ACLs are deprecated.
I googled around a bit and don't see it: What's the process for managing permissions for buckets then? We can do policies stuff for users, groups, roles, but not sure how it's done for buckets.
from sixtyfour.
removed the 2 bucket acl fxns
from sixtyfour.
I think this is where we should get really opinionated. It appears there are both IAM Policies that can govern bucket access, and Bucket Policies that apply to individual buckets: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html. I think we should abstract these details away from end users, and enable the following functionality:
- A function to make a bucket publicly open on the internet for anyone to read from.
- Some functionality where you can get a public file's public URL.
- A function to allow a specific user/group/role to read from a bucket.
- A function to allow a specific user/group/role to read and write from a bucket.
It would be cool if for these use cases the end user didn't have to worry about policies, and sixtyfour could create, find, and assign the appropriate policies.
from sixtyfour.
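The bucket policy documents that the use cases in the comment above would have to create behind the scenes, as an added example that is not part of the thread or of sixtyfour's code. `bucket_policy()` and `is_public()` are hypothetical helpers, and the bucket name and account id are constructed placeholders. An IAM group cannot be named as a principal in a bucket policy, so the group case would need an identity policy attached to the group instead.

```r
library(jsonlite)

# Hypothetical helper (not a sixtyfour function): build a bucket policy.
# `principal` is "*" for public access, otherwise an IAM user or role ARN.
bucket_policy <- function(bucket, principal, access = c("read", "read_write")) {
  access <- match.arg(access)
  bucket_arn <- paste0("arn:aws:s3:::", bucket)
  object_arn <- paste0(bucket_arn, "/*")
  if (identical(principal, "*")) {
    # Public access: object reads only, no listing, never write.
    if (access != "read") stop("refusing to grant public write access")
    actions <- "s3:GetObject"
    resources <- object_arn
  } else {
    principal <- list(AWS = principal)
    actions <- c("s3:GetObject", "s3:ListBucket")
    if (access == "read_write") {
      actions <- c(actions, "s3:PutObject", "s3:DeleteObject")
    }
    # s3:ListBucket applies to the bucket ARN, object actions to bucket/*.
    resources <- c(bucket_arn, object_arn)
  }
  list(
    Version = "2012-10-17",
    Statement = list(list(
      Effect = "Allow",
      Principal = principal,
      Action = as.list(actions),
      Resource = as.list(resources)
    ))
  )
}

# TRUE when any Allow statement applies to every principal ("*").
is_public <- function(policy) {
  any(vapply(policy$Statement, function(s) {
    s$Effect == "Allow" && any(unlist(s$Principal) == "*")
  }, logical(1)))
}

# Constructed sample values: placeholder bucket name and account id.
public <- bucket_policy("example-bucket", "*")
scoped <- bucket_policy("example-bucket",
  "arn:aws:iam::111122223333:role/analysts", "read_write")

cat(toJSON(scoped, auto_unbox = TRUE, pretty = TRUE), "\n")
stopifnot(is_public(public), !is_public(scoped))
```

A public policy like the first one only takes effect when the bucket's Block Public Access settings permit public policies, and a check like `is_public()` is a cheap guard to run before any policy is applied.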
Sorry for the delay. Okay, so maybe the functions would look like:
aws_bucket_as_public()
aws_file_url(type = "private") or aws_file_url(type = "public")
aws_group(name="users") %>% aws_bucket_allow_read()
aws_group(name="users") %>% aws_bucket_allow_read_write()
Thoughts?
from sixtyfour.
@seankross #21 may be the same as "Some functionality where you can get a public file's public URL", at least related
from sixtyfour.