serverless-client-s3 icon indicating copy to clipboard operation
serverless-client-s3 copied to clipboard

Published 20 hours ago verified publisher icon serverless

Can I setting s3 buckets policy locally?

Open daikiterai opened this issue 9 years ago • 3 comments

Dear serverless-team.

S3 buckets policy setting is fixed in index.js. Therefore,we always change to s3 buckets policy at deploy time. We would like to setting to s3 buckets policy in local serverless project. Do you have any ideas?

let policy = { Version: "2008-10-17", Id: "Policy1392681112290", Statement: [ { Sid: "Stmt1392681101677", Effect: "Allow", Principal: { AWS: "_" }, Action: "s3:GetObject", Resource: "arn:aws:s3:::" + this.bucketName + '/' } ] };

Thanks.

daikiterai avatar Apr 27 '16 08:04 daikiterai

oh do you mean if you add to the bucket policy after first deployment and try to deploy again, it'll overwrite your changes?

hmmm interesting! yeah I think you're right. It should be in a policy.json file that you can add to.

eahefnawy avatar Apr 28 '16 06:04 eahefnawy

Thank you for your answer. Yes,I separete two policy in same backet, one is for management, another is for global. like below

{ "Version": "2008-10-17", "Id": "Policy1392681112290", "Statement": [ { "Sid": "IPAllow", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::(bucketName)/manager/*", "Condition": { "IpAddress": { "aws:SourceIp": [ "(secure IP address)" ] } } }, { "Sid": "IPAllow", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::(bucketName)/public/*" } ] }

"sls client deploy" command is restore bucket policy to default. I hope setting policy in local project with config file(ex: policy.json or s-project.json) . It's also available for CI.

Thanks.

daikiterai avatar Apr 28 '16 06:04 daikiterai

we put in a PR for this.. waiting for it to get merged: https://github.com/serverless/serverless-client-s3/pull/31

str3tch avatar Aug 29 '16 07:08 str3tch