bemoody

Hiding name of the editor makes sense. But I think it would be better to have a *different contact address for each project*. - Ideally I'd want discussions to be...

There are a couple of things we could do to help with this sort of issue: - Better organizing the .env.example file so it's clear "these are things you *need*...

Just using the GetObject permission doesn't quite work - if the resource doesn't exist then we get a 403 even if we have permission to access it. https://stackoverflow.com/a/19038017 explains why...

Unfortunately, patching in X-Amz-Expected-Bucket-Owner *doesn't* work. Don't know if there's a way to include that header in the `aws s3 presign` command. We can live without it, it just feels...

Now with UI and should be working!

Nits: - modal before deleting - better error message for unsupported (non-AIDA) identity - save original `Arn` so we can show it on the edit_cloud page?

Hmm. Some sources say that Amazon presigned URLs have a maximum expiration time of one week. Maybe that's true for the v4 signature? It's definitely not true for the v2...

github-advanced-security, you're adorable. It's a fair point that I should rework that regexp to reduce backtrackability (though I'm not sure it's possible to completely fix the issue; python `re` is...

I believe this approach should work **if we use S3 Access Points** to grant access. If we use **S3 Access Grants** then it is less clear - can we still...

> So we may have to decide which approach to take before deciding how to validate identities. I'm still not clear about the access-grant thing and how it would work....